CVE-2022-3194

Summary

The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.

Affected Software

VendorProductVersion RangeStatus
UnknownDokan0 < 3.6.4affected

Weaknesses

  • CWE-79 Cross-Site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References