MEDIUM
dokaninc
CVE published 2026-06-18
CVE-2026-10023
The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference (IDOR) in versions up to and including 5.0.3. This vulnerability allows authenticated attackers with custom vendor-level access and above to modify arbitrary orders, add notes to any order, delete order notes or WordPress comments, inject fake shipping tracking informat [truncated]