CVE-2026-3504 in Dokan: AI Powered WooCommerce Multivendor Marketplace Solution Plugin (Info)

Summary

by MITRE • May 2, 2026

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.1 via the '/dokan/v1/stores/{id}/reviews' REST API endpoint. This is due to the 'prepare_reviews_for_response' method including reviewer email addresses, usernames, and user IDs in the API response. This makes it possible for unauthenticated attackers to extract email addresses, usernames, and user IDs of all customers who left reviews on any vendor's store. The Pro version of the plugin must be installed and activated, with store reviews enabled, in order to exploit the vulnerability.
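For site owners checking whether their own store is affected or whether an update removed the fields, the following added example (not part of the advisory and not Dokan code) audits a saved JSON response from the reviews endpoint for reviewer identity data. The key names in `SUSPECT_KEYS` and both sample payloads are constructed assumptions; the advisory does not give the actual response schema.

```python
import json
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed key names for the three data types the advisory lists
# (email address, username, user ID); adjust to the real response.
SUSPECT_KEYS = {"email", "user_email", "username", "user_login", "user_id"}


def find_identity_leaks(node, path="$"):
    """Walk decoded JSON and return (path, reason) for each identity field."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in SUSPECT_KEYS and not isinstance(value, (dict, list)):
                # Empty, null and zero values disclose nothing.
                if value not in (None, "", 0):
                    findings.append((child, f"identity key '{key}'"))
                continue
            findings.extend(find_identity_leaks(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(find_identity_leaks(item, f"{path}[{i}]"))
    elif isinstance(node, str) and EMAIL_RE.search(node):
        # Catches addresses stored under keys not listed in SUSPECT_KEYS.
        findings.append((path, "email-shaped value"))
    return findings


# Constructed sample: a response shaped like the behaviour the advisory describes.
SAMPLE_EXPOSED = json.loads("""[
  {"id": 12, "rating": 5, "content": "Fast shipping",
   "author": {"name": "Alice", "email": "alice@example.test",
              "username": "alice01", "user_id": 41}}
]""")

# Constructed sample: the same review with only a display name.
SAMPLE_CLEAN = json.loads("""[
  {"id": 12, "rating": 5, "content": "Fast shipping", "author": {"name": "Alice"}}
]""")

if __name__ == "__main__":
    for label, payload in (("exposed", SAMPLE_EXPOSED), ("clean", SAMPLE_CLEAN)):
        hits = find_identity_leaks(payload)
        print(label, "->", hits if hits else "no identity fields found")
```

A non-empty result for a response fetched without authentication means reviewer identity data is still being served.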


Responsible

Wordfence

Reserved

March 4, 2026

Moderation

Accepted

Entry

VDB-360848

EPSS

0.00043

Activity

Very low
