Vulnerabilities

CVE-2025-14977 - Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own ...

2026-01-20 0 views admin
CVE-2025-14977 - Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own ...

CVE ID : CVE-2025-14977 Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 23 minutes ago Description : The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the `/wp-json/dokan/v1/settings` REST API endpoint due to missing validation on a user-controlled key. This makes it possible for authenticated attackers, with customer-level permissions and above, to read or modify other vendors' store settings including sensitive payment information (PayPal email, bank account details, routing numbers, IBAN, SWIFT codes), phone numbers, and addresses, and change PayPal email addresses to attacker-controlled addresses, enabling financial theft when the marketplace processes payouts. Severity: 8.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
HIGH
Published
Jan. 20, 2026
Affected Product: WordPress

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-14977highwordpress

More from Vulnerabilities

CVE-2025-14533 - Advanced Custom Fields: Extended <= 0.9.2.1 - unauthenticated privilege escalati...

CVE-2025-14533 - Advanced Custom Fields: Extended <= 0.9.2.1 - unauthenticated privilege escalati...

2026-01-20 0
CVE-2025-41084 - Stored Cross-Site Scripting (XSS) in Sesame web application

CVE-2025-41084 - Stored Cross-Site Scripting (XSS) in Sesame web application

2026-01-20 0
CVE-2025-66523 - Reflected Cross-Site Scripting (XSS) Vulnerability in na1.foxitesign.foxit.com v...

CVE-2025-66523 - Reflected Cross-Site Scripting (XSS) Vulnerability in na1.foxitesign.foxit.com v...

2026-01-20 0
CVE-2026-1223 - BROWAN COMMUNICATIONS |PrismX MX100 AP controller - Insufficiently Protected Cred...

CVE-2026-1223 - BROWAN COMMUNICATIONS |PrismX MX100 AP controller - Insufficiently Protected Cred...

2026-01-20 0

Trending

1

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

2026-01-15 • 4457 views
2

Tech: Data is the only moat

2026-01-15 • 4133 views
3

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

2026-01-15 • 3239 views
4

Tech: AWS European Sovereign Cloud

2026-01-15 • 2741 views
5

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3

2026-01-15 • 2719 views