PT-2024-11563 · WordPress · Dokan

Veshraj Ghimire · Published 2024-01-16 · Updated 2026-02-24 · CVE-2022-3194

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Dokan WordPress plugin versions prior to 3.6.4

Description

The issue allows vendors to inject arbitrary JavaScript in product reviews, potentially leading to stored XSS attacks against other users, including site administrators.

Recommendations

For versions prior to 3.6.4, update to version 3.6.4 or later to resolve the issue. As a temporary workaround, consider disabling the product review feature until a patch is available. Restrict access to product reviews to minimize the risk of exploitation. Avoid allowing vendors to inject arbitrary JavaScript in product reviews until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-3194

Affected Products

Dokan