WordPress - Dokan: Ai Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, Ebay, Etsy - HIGH - CVE-2025-14977. The Dokan WooCommerce plugin for WordPress exposes a significant security flaw allowing authenticated users with customer-level permissions or higher to exploit the `/wp-json/dokan/v1/settings` REST API endpoint. Due to inadequate validation of user-controlled keys, attackers could access and alter sensitive settings of other vendors, including payment details like PayPal emails, bank account information, and personal identifiers. This vulnerability poses a serious risk as it enables the unauthorized modification of vendor data, potentially facilitating financial theft during marketplace transaction processes.