WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability

Description

Customer Privilege Escalation in Dokan <= 5.0.2 versions.

Affected Products

Vendor	Product	Versions
dokan	dokan	n/a

References

https://patchstack.com/database/wordpress/plugin/dokan-lite/vulnerability/wordpress-dokan-plugin-5-0-2-privilege-escalation-vulnerability?_s_id=cve(vdb-entry)

Related News (1 articles)

Tier C

VulDB11d ago

CVE-2026-49780 | Dokan Plugin up to 5.0.2 on WordPress privileges assignment

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

CWECWE-266

PublishedJun 15, 2026

Last enriched12d ago

Trending Score7

Source articles1

Independent1

Info Completeness5/14

Missing: vendor, product, versions, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-56033EXP

WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability

Trending: 54

HIGHCVE-2026-11987EXP

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter

Trending: 43

HIGHCVE-2026-11783EXP

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKU

Trending: 43

MEDIUMCVE-2026-10023

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers

Trending: 6

MEDIUMCVE-2026-3504EXP

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Jun 15, 2026

Discovered by ZDM

Jun 16, 2026