Privilege Escalation Vulnerability in Dokan Lite by Dokan, Inc.
CVE-2025-53425

7.6HIGH

Key Information:

Vendor: WordPress
Status: Dokan
Vendor: CVE Published:; 22 October 2025

What is CVE-2025-53425?

The Dokan Lite plugin, developed by Dokan, Inc., contains an incorrect privilege assignment vulnerability that could allow attackers to escalate their privileges. This issue impacts versions of Dokan Lite from n/a to 4.1.2, enabling unauthorized access and actions within the application. Users of Dokan Lite are urged to ensure they are on the latest version to mitigate this risk.

Affected Version(s)

Dokan <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/doka...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Jun 30, 2025

Credit

Phat RiO - BlueRock (Patchstack Alliance)

JSON