PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12077 wedevs CVE debrief

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the 'latitude' and 'longitude' parameters in all versions up to, and including, 5.0.4. This vulnerability allows unauthenticated attackers to append additional SQL queries into existing queries, potentially leading to sensitive information disclosure. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity. The CVE record was published on June 25, 2026, and last modified on June 29, 2026.

Vendor
wedevs
Product
Dokan Pro
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-25
Original CVE updated
2026-06-29
Advisory published
2026-06-25
Advisory updated
2026-06-29

Who should care

Administrators and users of the Dokan Pro plugin for WordPress should take immediate action to protect their installations. Because the vulnerability can be exploited by unauthenticated attackers, it is a high-risk issue; sites with Dokan Pro installed should prioritize updating to a patched version or applying compensating controls.

Technical summary

The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection due to insufficient escaping of user-supplied parameters and insufficient preparation of the existing SQL queries that consume them. All versions up to and including 5.0.4 are affected. An attacker can exploit the flaw by injecting malicious SQL via the 'latitude' and 'longitude' parameters, which could lead to sensitive information disclosure from the database. The vulnerability has a CVSS score of 7.5 and is classified as HIGH severity.

Defensive priority

Updating the Dokan Pro plugin to a patched version, or applying compensating controls until that is possible, should be treated as high priority. Administrators should inventory their WordPress installations and confirm that every copy of Dokan Pro is on a version that addresses this vulnerability.

Recommended defensive actions

  • Update the Dokan Pro plugin to a patched version (if available) or apply compensating controls to restrict access to the affected parameters.
  • Implement additional monitoring and logging to detect potential exploitation attempts.
  • Review and update existing SQL queries to ensure proper escaping and preparation of user-supplied parameters.
  • Consider applying Web Application Firewalls (WAFs) rules to detect and prevent SQL injection attacks.
  • Perform regular security audits and vulnerability assessments to identify and address potential issues.
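The third action above, proper preparation of user-supplied parameters, is the root fix for this class of bug. The following is an added example written for this debrief; it is not Dokan Pro's code and does not reproduce the affected plugin's query. It shows a hypothetical store-locator handler in the vulnerable shape the advisory describes (request values interpolated directly into SQL) beside a hardened version that validates the coordinates as numbers and binds them through `$wpdb->prepare()`. The table name `dokan_geolocation_demo`, the column names and the `demo_*` function names are all assumptions made for illustration.

```php
<?php
// Added example (not Dokan Pro's code). Assumed: a table
// `{$wpdb->prefix}dokan_geolocation_demo` with `vendor_id`, `latitude` and
// `longitude` columns, and `demo_*` helper names invented for this page.

// VULNERABLE pattern: request values are dropped straight into the SQL text.
// Whatever the client sends in 'latitude'/'longitude' becomes part of the
// statement, which is the defect class the advisory describes.
function demo_nearby_vendors_vulnerable( $wpdb ) {
    $lat   = isset( $_GET['latitude'] )  ? $_GET['latitude']  : '0';
    $lng   = isset( $_GET['longitude'] ) ? $_GET['longitude'] : '0';
    $table = $wpdb->prefix . 'dokan_geolocation_demo';   // prefix is trusted config, not user input
    $sql   = "SELECT vendor_id FROM {$table} WHERE latitude = {$lat} AND longitude = {$lng}";
    return $wpdb->get_col( $sql );
}

// HARDENED step 1: coordinates are numbers, so accept only a scalar that parses
// as a number and lies inside the valid range. Anything else is rejected before
// it gets near the database.
function demo_parse_coordinate( $raw, $min, $max ) {
    if ( ! is_scalar( $raw ) ) {          // arrays/objects/null are never valid
        return null;
    }
    $raw = trim( (string) $raw );
    if ( ! is_numeric( $raw ) ) {         // rejects letters, quotes, comment markers
        return null;
    }
    $value = (float) $raw;
    if ( $value < $min || $value > $max ) {
        return null;
    }
    return $value;
}

// HARDENED step 2: bind the validated numbers with $wpdb->prepare(). The %f
// placeholders are filled by prepare(), so the SQL string itself never contains
// request data. Rejected input is logged, which gives the monitoring hook the
// second action above asks for.
function demo_nearby_vendors_safe( $wpdb ) {
    $lat = demo_parse_coordinate( isset( $_GET['latitude'] )  ? $_GET['latitude']  : null, -90.0,  90.0 );
    $lng = demo_parse_coordinate( isset( $_GET['longitude'] ) ? $_GET['longitude'] : null, -180.0, 180.0 );
    if ( null === $lat || null === $lng ) {
        error_log( 'demo_nearby_vendors_safe: rejected non-numeric or out-of-range coordinates' );
        return new WP_Error( 'invalid_coordinates', 'latitude and longitude must be numeric.' );
    }
    $table = $wpdb->prefix . 'dokan_geolocation_demo';
    $sql   = $wpdb->prepare(
        "SELECT vendor_id FROM {$table} WHERE latitude = %f AND longitude = %f",
        $lat,
        $lng
    );
    return $wpdb->get_col( $sql );
}
```

The two-step shape matters: `prepare()` alone already stops the injection, but validating the type first also rejects malformed requests early and produces a log line that a WAF rule or SIEM query can key on, so the hardened handler serves both the escaping and the monitoring recommendations at once.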

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, including its CVSS score, affected versions, and potential impact. The source item URL provides additional context from the NVD database. The references provided by [email protected] offer further details on the vulnerability and potential mitigation strategies.

Official resources

This article is AI-assisted and based on the supplied source corpus.