CVE-2022-3194

medium

Description

The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary javascript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators.

References

https://wpscan.com/vulnerability/85e32913-dc2a-44c9-addd-7abde618e995/

Details

Source: Mitre, NVD

Published: 2024-01-16

Updated: 2026-02-24

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N