CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-56033

CVSS 9.8v3.1pub. 2026-06-26

Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-266 (Incorrect Privilege Assignment) involves incorrect privilege assignment in the Dokan Pro plugin. An attacker without any account or session can exploit this flaw to gain higher privileges than those to which they should be entitled. The lack of authentication requirement (PR:N, UI:N) means that the exploit can be carried out remotely over the network without any user interaction.

Impact

An attacker can gain elevated privileges within the WordPress application, which may lead to complete takeover of the website, including data reading, modification, and deletion (C:H, I:H, A:H).

Mitigation & patch

The Dokan Pro plugin should be immediately updated to a version higher than 5.0.4. Detailed information about available patches can be found in the manufacturer's references and in the Patchstack database.

Who is affected

Dokan Pro plugin for WordPress in versions 5.0.4 and earlier.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
References