CVE-2025-12809
published 2025-12-16

Priority: P4 / 31 / medium / 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.21% (10.5th percentile)

The Dokan Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `/dokan/v1/wholesale/register` REST API endpoint in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to enumerate users and retrieve their email addresses via the REST API by providing a user ID, along with other information such as usernames, display names, user roles, and registration dates.
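A defender can look for enumeration against this endpoint in web server access logs. The sketch below is an added example, not code from the advisory or from the Dokan project: it assumes Combined Log Format, the standard WordPress REST entry points (`/wp-json/...` and `?rest_route=...`), and a hypothetical threshold of three requests per client. The advisory does not state the HTTP method or the parameter name, so the script only counts requests per client, and the log lines are constructed samples.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

ROUTE = "/dokan/v1/wholesale/register"  # endpoint named in the advisory
THRESHOLD = 3  # assumed cut-off for "repeated" requests; tune per site

# Combined Log Format: client, identd, user, [time], "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def hits_route(target):
    """True if the request target addresses ROUTE in either WordPress form."""
    parts = urlsplit(target)
    # Pretty-permalink form, including installs in a subdirectory.
    if parts.path.rstrip("/").endswith("/wp-json" + ROUTE):
        return True
    # Plain-permalink form: ?rest_route=/dokan/v1/wholesale/register
    routes = parse_qs(parts.query).get("rest_route", [])
    return any(r.rstrip("/") == ROUTE for r in routes)

def flag_clients(lines, threshold=THRESHOLD):
    """Return {client_ip: request_count} for clients at or above the threshold."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and hits_route(m.group(3)):
            counts[m.group(1)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Dec/2025:10:00:01 +0000] "POST /wp-json/dokan/v1/wholesale/register HTTP/1.1" 200 512',
    '192.0.2.10 - - [16/Dec/2025:10:00:02 +0000] "POST /wp-json/dokan/v1/wholesale/register/ HTTP/1.1" 200 498',
    '192.0.2.10 - - [16/Dec/2025:10:00:03 +0000] "POST /?rest_route=%2Fdokan%2Fv1%2Fwholesale%2Fregister HTTP/1.1" 200 505',
    '198.51.100.7 - - [16/Dec/2025:10:05:00 +0000] "POST /wp-json/dokan/v1/wholesale/register HTTP/1.1" 200 510',
    '198.51.100.7 - - [16/Dec/2025:10:05:09 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048',
    '203.0.113.5 - - [16/Dec/2025:10:06:00 +0000] "GET /shop/ HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, n in flag_clients(SAMPLE_LOG).items():
        print(f"{ip}: {n} requests to {ROUTE}")
```

A flagged client is a lead for review, not proof of exploitation; on sites that use wholesale registration, legitimate sign-ups also reach this route.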

Affected

1 range

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| wedevs | dokan_pro | <= 4.1.3 | |