CVE-2025-12809
📋 TL;DR
The Dokan Pro WordPress plugin has a missing capability check on its wholesale registration REST API endpoint, allowing unauthenticated attackers to enumerate user data including email addresses, usernames, roles, and registration dates. This affects all WordPress sites using Dokan Pro version 4.1.3 and earlier. The vulnerability enables information disclosure that could facilitate further attacks.
💻 Affected Systems
- Dokan Pro WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers harvest all user email addresses and profile information, enabling targeted phishing campaigns, credential stuffing attacks, and social engineering against the entire user base.
Likely Case
Attackers enumerate user data to identify administrative accounts and gather intelligence for follow-up attacks, potentially leading to account compromise or data breaches.
If Mitigated
Limited exposure of non-sensitive user profile fields with proper monitoring detecting enumeration attempts.
🎯 Exploit Status
Simple HTTP requests to the vulnerable endpoint with user ID parameters can enumerate user data. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.1.4 or later
Vendor Advisory: https://dokan.co/wordpress/changelog/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Dokan Pro and click 'Update Now'. 4. Verify version is 4.1.4 or higher.
🔧 Temporary Workarounds
Disable REST API Endpoint
allBlock access to the vulnerable wholesale registration endpoint using .htaccess or web application firewall rules.
# Add to .htaccess
RewriteEngine On
RewriteRule ^wp-json/dokan/v1/wholesale/register - [F,L]
Restrict REST API Access
allImplement IP-based restrictions or authentication requirements for the Dokan REST API endpoints.
# Example .htaccess restriction
Order Deny,Allow
Deny from all
Allow from 192.168.1.0/24
🧯 If You Can't Patch
- Implement web application firewall rules to block requests to /wp-json/dokan/v1/wholesale/register
- Monitor logs for unusual patterns of requests to Dokan REST API endpoints
🔍 How to Verify
Check if Vulnerable:
Send GET request to /wp-json/dokan/v1/wholesale/register?user_id=1 and check if user data is returned without authentication.Check Version:
wp plugin list --name=dokan-pro --field=versionVerify Fix Applied:
After update, attempt the same request - should return 401 Unauthorized or no user data.📡 Detection & Monitoring
Log Indicators:
- Multiple GET requests to /wp-json/dokan/v1/wholesale/register with sequential user_id parameters
- Unusual volume of requests from single IP to Dokan endpoints
Network Indicators:
- HTTP 200 responses to unauthenticated requests to the wholesale registration endpoint
- Pattern of requests enumerating user IDs (1,2,3,etc.)
SIEM Query:
source="web_logs" AND uri="/wp-json/dokan/v1/wholesale/register" AND NOT user_agent="*bot*" | stats count by src_ip