CVE-2022-3194: Dokan < 3.6.4 - Vendor Stored Cross-Site Scripting
First published: Tue Jan 16 2024(Updated: )
The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wedevs Dokan | <3.6.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-3194?
CVE-2022-3194 is considered a high-severity vulnerability due to its potential for stored XSS attacks.
How do I fix CVE-2022-3194?
To fix CVE-2022-3194, update the Dokan WordPress plugin to version 3.6.4 or later.
Who is affected by CVE-2022-3194?
CVE-2022-3194 affects users of the Dokan WordPress plugin versions prior to 3.6.4.
What kind of attack can CVE-2022-3194 allow?
CVE-2022-3194 allows vendors to inject arbitrary JavaScript in product reviews, enabling stored XSS attacks against users.
Is CVE-2022-3194 exploitable by all users?
Only vendors with the ability to post product reviews can exploit CVE-2022-3194 to execute stored XSS attacks.
- agent/weakness
- agent/author
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/event
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/wedevs
- canonical/wedevs dokan