CVE-2025-12809

Name of the Vulnerable Software and Affected Versions Dokan Pro versions through 4.1.3

Description The Dokan Pro plugin for WordPress has a flaw that allows unauthorized access to data. This is due to a missing capability check on the /dokan/v1/wholesale/register API endpoint. An unauthenticated attacker can enumerate users and retrieve their email addresses via the REST API by providing a user ID. Other information potentially accessible includes usernames, display names, user roles, and registration dates.

Recommendations Update Dokan Pro to a version later than 4.1.3.