Dokan Pro <= 5.0.4 - Unauthenticated Privilege Escalation

2026-06-23 00:00
VanTastic

Strategic Overview

Status
Patched in 5.0.5
Affected PluginDokan Pro
Affected Version<= 5.0.4
CVSS9.8Critical
CVECVE-2026-56033
View all Dokan Pro vulnerabilities

Vulnerability Overview

The Dokan Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.0.4. This makes it possible for unauthenticated attackers to elevate their privileges.

Technical Analysis

REMEDIATION: Update to version 5.0.5, or a newer patched version --- IDENTIFIER: CWE-266 (Incorrect Privilege Assignment) A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

External References

Vulnerability data © Defiant, Inc., provided under the Wordfence Intelligence T&C