Description
Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
Published: 2026-06-26
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Dok...plugin versions up to 5.0.4 contain an unauthenticated privilege escalation flaw. The defect allows an attacker to gain elevated privileges on a WordPress site running Dokan Pro without needing valid credentials. As a result, an attacker could perform any action that an administrator can, including modifying content, managing users, or installing additional plugins, which severely compromises confidentiality, integrity, and availability of the site.

Affected Systems

The vulnerability affects the Dokan Multivendor Plugin: Dokan Pro for WordPress, specifically installations using version 5.0.4 or earlier.

Risk and Exploitability

The CVSS score of 9.8 reflects a high severity, and the absence of an EPSS score indicates that no current exploitation data is publicly available. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw via an unauthenticated request to the plugin, making the attack vector likely network-based.

Generated by OpenCVE AI on June 26, 2026 at 16:41 UTC.

Remediation

Vendor Solution

Update the WordPress Dokan Pro Plugin to the latest available version (at least 5.0.5).


OpenCVE Recommended Actions

  • Apply the official patch by updating the Dokan Pro Plugin to version 5.0.5 or newer.
  • Reconfigure role permissions so that only trusted users have elevated capabilities within Dokan Pro.
  • Monitor audit logs for suspicious activity and set alerts on any unauthorized privilege changes.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 16:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 26 Jun 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
Title | | WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability
Weaknesses | | CWE-266
References | |
Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-26T15:41:50.366Z

Reserved: 2026-06-18T14:37:40.347Z

Link: CVE-2026-56033

Vulnrichment

Updated: 2026-06-26T15:41:46.698Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T16:45:03Z

Weaknesses
  • CWE-266: Incorrect Privilege Assignment