CVE-2026-56033EXPLOITED

dokan · dokan pro

WordPress Dokan Pro plugin <= 5.0.4 - Privilege Escalation vulnerability

Description

A vulnerability was found in Dokan Multivendor Plugin Dokan Pro Plugin up to 5.0.4 on WordPress. This manipulation causes incorrect privilege assignment.

Affected Products

Vendor	Product	Versions
dokan	dokan pro	n/a

References

https://patchstack.com/database/wordpress/plugin/dokan-pro/vulnerability/wordpress-dokan-pro-plugin-5-0-4-privilege-escalation-vulnerability?_s_id=cve(vdb-entry)

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-56033 | Dokan Multivendor Plugin Dokan Pro Plugin up to 5.0.4 on WordPress privileges assignment

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-266

PublishedJun 26, 2026

Last enriched1d agov2

Trending Score54

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-11987EXP

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Information Disclosure via 'id' Parameter

Trending: 43

HIGHCVE-2026-11783EXP

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.4 - Authenticated (Custom+) Stored Cross-Site Scripting via Product SKU

Trending: 43

HIGHCVE-2026-49780

WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability

Trending: 7

MEDIUMCVE-2026-10023

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers

Trending: 6

MEDIUMCVE-2026-3504EXP

Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 4.3.1 - Unauthenticated Information Disclosure in Store Reviews REST API Endpoint

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 26, 2026

Discovered by ZDM

Jun 26, 2026

Actively Exploited

Jun 26, 2026

Updated: description, activelyExploited

Jun 26, 2026

Version History

Last enriched 1d ago

v2Tier C1d ago

Updated description with more technical detail and marked the vulnerability as actively exploited.

descriptionactivelyExploited

via VulDB

v11d ago

Initial creation