WordPress Plugin Vulnerabilities

Dokan < 4.1.4 - Shop Manager+ Privilege Escalation

Description

The plugin is vulnerable to Privilege Escalation. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to gain access to administrator-level accounts.

Affects Plugins

Plugin icon
dokan-lite
Fixed in 4.1.4

References

CVE
CVE-2025-53425
URL
https://vdp.patchstack.com/database/Wordpress/Plugin/dokan-lite/vulnerability/wordpress-dokan-plugin-4-0-8-privilege-escalation-vulnerability

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Phat RiO - BlueRock
Verified
No
WPVDB ID
81c67b81-0aa9-4111-bff7-d176cec88d18

Timeline

Publicly Published
2025-09-20 (about 8 months ago)
Added
2025-11-04 (about 7 months ago)
Last Updated
2025-11-07 (about 6 months ago)

Other

Published
Title
Published
2019-01-25
Title
Health Check & Troubleshooting <= 1.2.3 - Authenticated Lack of Authorisation
Published
2022-07-06
Title
Simple Membership < 4.1.3 - Membership Privilege Escalation
Published
2021-07-26
Title
Advanced Shipment Tracking for WooCommerce < 3.2.7 - Authenticated Options Change
Published
2024-09-10
Title
WooCommerce Photo Reviews Premium < 1.3.14 - Authentication Bypass to Account Takeover and Privilege Escalation
Published
2025-08-25
Title
Event List < 2.0.5 - Authenticated (Subscriber+) Privilege Escalation