Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter

Description

A vulnerability, classified as problematic, has been found in dokaninc Dokan Plugin up to 5.0.4 on WordPress. The manipulation of the argument ID leads to authorization bypass. This vulnerability is traded as CVE-2026-11987. It is possible to initiate the attack remotely.

Affected Products

Vendor	Product	Versions
dokan	dokan: ai powered woocommerce multivendor marketplace solution	0

References

Related News (1 articles)

Tier C

VulDB18h ago

CVE-2026-11987 | dokaninc Dokan Plugin up to 5.0.4 on WordPress ID authorization

→ No new info (linked only)

CVSS 3.14.3 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-639

PublishedJun 27, 2026

Last enriched18h agov2

Trending Score43

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 18h ago

v2Tier C18h ago

Updated vendor to 'dokaninc', product to 'Dokan Plugin', severity to 'HIGH', and noted that the vulnerability is actively exploited.

descriptionseverityactivelyExploited

via VulDB

v120h ago

Initial creation

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History