Zero Day Monitor (ZDM)
CVE-2026-11783 · EXPLOITED · CVSS 6.4
dokan · dokan: ai powered woocommerce multivendor marketplace solution

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKU

Description

A vulnerability classified as problematic has been detected in the dokaninc Dokan Plugin up to 5.0.4 on WordPress. The affected function is html. Manipulation of this function leads to cross-site scripting. The vulnerability is tracked as CVE-2026-11783. The attack can be carried out remotely. No exploit exists. You should upgrade the affected component.

Affected Products

Vendor: dokan
Product: dokan: ai powered woocommerce multivendor marketplace solution
Versions: 0, 5.0.4

References

  • https://www.wordfence.com/threat-intel/vulnerabilities/id/21065544-8a48-485b-88af-2e638b400de4?source=cve
  • https://plugins.trac.wordpress.org/browser/dokan-lite/tags/4.3.3/includes/Product/Hooks.php#L161
  • https://plugins.trac.wordpress.org/browser/dokan-lite/tags/5.0.3/includes/Product/Hooks.php#L161
  • https://plugins.trac.wordpress.org/browser/dokan-lite/tags/5.0.3/includes/Product/Hooks.php#L137
  • https://plugins.trac.wordpress.org/browser/dokan-lite/tags/5.0.3/includes/Product/Hooks.php#L117
  • https://plugins.trac.wordpress.org/browser/dokan-lite/tags/4.3.3/includes/Product/Hooks.php#L137
  • https://plugins.trac.wordpress.org/browser/dokan-lite/tags/4.3.3/includes/Product/Hooks.php#L117
  • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3578095%40dokan-lite&new=3578095%40dokan-lite&sfp_email=&sfph_mail=

Related News (1 article)

Tier C · VulDB · 18h ago
CVE-2026-11783 | dokaninc Dokan Plugin up to 5.0.4 on WordPress html cross site scripting
→ No new info (linked only)

CVSS 3.1: 6.4 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CISA KEV: No
Actively exploited: Yes
CWE: CWE-79
Published: Jun 27, 2026
Last enriched: 18h ago (v2)
Trending Score: 43
Source articles: 1
Independent: 1
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

  • CRITICAL · CVE-2026-56033 · EXP
    WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability
    Trending: 53
  • HIGH · CVE-2026-11987 · EXP
    Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter
    Trending: 43
  • HIGH · CVE-2026-49780
    WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability
    Trending: 7
  • MEDIUM · CVE-2026-10023
    Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers
    Trending: 6
  • MEDIUM · CVE-2026-3504 · EXP
    Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • Jun 27, 2026: CVE Published
  • Jun 27, 2026: Actively Exploited
  • Jun 27, 2026: Discovered by ZDM
  • Jun 27, 2026: Updated: description, affectedVersions, severity, activelyExploited

Version History

v2 · Tier C · 18h ago (last enriched)

Updated vendor to 'dokaninc', changed severity to HIGH, and noted that the vulnerability is actively exploited.

description, affectedVersions, severity, activelyExploited
via VulDB

v1 · 20h ago

Initial creation