23 matches found
CVE-2026-49068
The CVE concerns the WordPress Coupon Affiliates plugin (versions
CVE-2026-49068 WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Coupon Affiliates = 7.8.1 versions...
WordPress Coupon Affiliates – Affiliate Plugin for WooCommerce plugin <= 5.17.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Coupon Affiliates versions = 5.17.2...
CVE-2025-59567 WordPress Coupon Affiliates Plugin <= 6.8.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.8.0...
CVE-2025-59567
CVE-2025-59567 is a real Missing Authorization issue identified in the Coupon Affiliates – Affiliate Plugin for WooCommerce. The connected Wordfence vulnerability listing confirms the flaw exists in Coupon Affiliates up to version 6.8.0 and rates it as a Medium impact (CVSS v3.1: 5.5; network att...
CVE-2025-59567 WordPress Coupon Affiliates Plugin <= 6.8.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coupon Affiliates: from n/a through = 6.8.0...
CVE-2025-8692 Coupon API <= 6.2.12 - Authenticated (Administrator+) SQL Injection via 'log_duration'
The Coupon API plugin for WordPress is vulnerable to SQL Injection via the ‘logduration’ parameter in all versions up to, and including, 6.2.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress Coupon API plugin <= 6.2.12 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Coupon API versions = 6.2.12...
CVE-2025-54025 WordPress Coupon Affiliates Plugin <= 6.4.0 - Settings Change Vulnerability
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coupon Affiliates: from n/a through = 6.4.0...
CVE-2025-54025 WordPress Coupon Affiliates Plugin <= 6.4.0 - Settings Change Vulnerability
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.4.0...
CVE-2025-54022 WordPress Coupon Affiliates plugin <= 6.4.0 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Cross Site Request Forgery.This issue affects Coupon Affiliates: from n/a through = 6.4.0...
CVE-2025-54022
CVE-2025-54022 is a CSRF vulnerability in the WordPress plugin Coupon Affiliates (Elliot Sowersby) affecting versions through 6.4.0. Public sources indicate the issue has been patched in newer releases; the vulnerability could allow an authenticated actor to perform actions on behalf of a logged-...
CVE-2024-56235
CVE-2024-56235 affects the WordPress Coupon plugin. The vulnerability is a DOM-Based XSS caused by improper input neutralization during page generation, impacting Coupon versions up to 1.2.1 (per NVD/Red Hat) and up to 1.2.2 (per Patchstack). Affected component: Coupon plugin for WordPress. Impac...
CVE-2024-56235 WordPress Coupon plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Coupon Plugin Coupon allows DOM-Based XSS.This issue affects Coupon: from n/a through 1.2.1...
WordPress Coupon plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Gab Patchstack Alliance in WordPress Plugin Coupon versions = 1.2.2...
WordPress Coupon Affiliates Plugin <= 5.12.7 is vulnerable to Cross Site Scripting (XSS)
Software Coupon Affiliates Type Plugin Vulnerable versions = 5.12.7 Fixed in 5.12.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29125 Patch priority Medium CVSS severity Medium 7.1 Developer RelyWP PSID 81253acd1aca Credits stealthcopter Required privilege...
WordPress WP Coupons and Deals – WordPress Coupon Plugin Plugin < 3.1.19 is vulnerable to Cross Site Scripting (XSS)
Software WP Coupons and Deals – WordPress Coupon Plugin Type Plugin Vulnerable versions 3.1.19 Fixed in 3.1.19 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f1b62167704e Credits...
WordPress Coupon Affiliates Plugin < 5.6.0 is vulnerable to Cross Site Scripting (XSS)
Software Coupon Affiliates Type Plugin Vulnerable versions 5.6.0 Fixed in 5.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer RelyWP PSID de39047c211f Credits Rafie Muhammad Patchstack Required...
WordPress Plugin Coupon Affiliates-WooCommerce Affiliate 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Coupon Affiliates Plugin <= 5.4.5 is vulnerable to Cross Site Scripting (XSS)
Software Coupon Affiliates Type Plugin Vulnerable versions = 5.4.5 Fixed in 5.4.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30475 Patch priority Medium CVSS severity Medium 7.1 Developer RelyWP PSID c2b6ffabba83 Credits Ivy TOOR, LISA Required...