Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-3194

The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.

Published

2024-01-16T16:15:09.883

Last Modified

2025-06-02T16:15:23.703

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	wedevs	dokan	< 3.6.4	Yes

References

https://wpscan.com/vulnerability/85e32913-dc2a-44c9-addd-7abde618e995/ Exploit, Third Party Advisory ([email protected])
https://wpscan.com/vulnerability/85e32913-dc2a-44c9-addd-7abde618e995/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)