CVE-2022-3194

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-3194

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3194.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-3194

Published

2024-01-16T16:15:09.883Z

Modified

2026-04-10T04:48:01.857859Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.

References

https://wpscan.com/vulnerability/85e32913-dc2a-44c9-addd-7abde618e995/

Affected packages

Git / github.com/getdokan/dokan

Affected ranges

Type

GIT

Repo

https://github.com/getdokan/dokan

Events

Introduced

Fixed

54cf44d341aaab91e9d3101a625622145394fe9c

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.6.4"
        }
    ]
}

Affected versions

v2.*

v2.5.6

v3.*

v3.0.14

v3.0.15

v3.0.16

v3.1.0

v3.1.1

v3.1.2

v3.2.0

v3.2.1

v3.2.10

v3.2.11

v3.2.12

v3.2.13

v3.2.14

v3.2.15

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.2.9

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.5.0

v3.5.1

v3.6.0

v3.6.1

v3.6.2

v3.6.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3194.json"