Dokan Pro <= 5.0.4 - Unauthenticated Privilege Escalation
2026-06-23 00:00
VanTasticStrategic Overview
StatusPatched in 5.0.5
Affected PluginDokan Pro
Affected Version
<= 5.0.4CVSS9.8Critical
CVE
CVE-2026-56033Vulnerability Overview
The Dokan Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.0.4. This makes it possible for unauthenticated attackers to elevate their privileges.
Technical Analysis
REMEDIATION: Update to version 5.0.5, or a newer patched version --- IDENTIFIER: CWE-266 (Incorrect Privilege Assignment) A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
External References
Vulnerability data © Defiant, Inc., provided under the Wordfence Intelligence T&C