CVE-2022-3194: 
WordPress vulnerability analysis and mitigation

The Dokan WordPress plugin, a WooCommerce multivendor marketplace solution, was found to contain a stored Cross-Site Scripting (XSS) vulnerability before version 3.6.4. The vulnerability was discovered by researcher Veshraj Ghimire and was publicly disclosed on June 2, 2022, with the CVE identifier CVE-2022-3194 being assigned on September 13, 2022 (WPScan).

The vulnerability allows vendors to inject arbitrary JavaScript code into product reviews, potentially enabling stored XSS attacks against other users, including site administrators. The vulnerability has been assigned a CVSS score of 5.4 (medium severity) and is classified under CWE-79. This security issue falls under the OWASP Top 10 category A7: Cross-Site Scripting (XSS) (WPScan).

When exploited, this vulnerability could allow malicious vendors to execute arbitrary JavaScript code in the context of other users' browsers, particularly targeting site administrators who view product reviews. This could potentially lead to unauthorized actions being performed on behalf of the affected users (NVD).

The vulnerability has been patched in Dokan version 3.6.4. Site administrators running affected versions should update their Dokan plugin to version 3.6.4 or later to mitigate this security risk (WPScan).