Vulnerabilities and security researches forwoo-coupon-usage woo-coupon-usage

Jun 06, 2024

CVE, Research URL: CVE-2023-30475
Home page URL: Security reports for WooCommerce Affiliate Plugin – Coupon Affiliates
Application: WooCommerce Affiliate Plugin – Coupon Affiliates
Date: Aug 14, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP WooCommerce Affiliate Plugin – Coupon Affiliates plugin <= 5.4.5 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-0818
Home page URL: Security reports for WooCommerce Affiliate Plugin – Coupon Affiliates
Application: WooCommerce Affiliate Plugin – Coupon Affiliates
Date: Mar 28, 2022
Research Description: The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-28992
Home page URL: Security reports for WooCommerce Affiliate Plugin – Coupon Affiliates
Application: WooCommerce Affiliate Plugin – Coupon Affiliates
Date: Jun 26, 2023
Research Description: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates – WooCommerce Affiliate Plugin plugin <= 5.4.3 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-29125
Home page URL: Security reports for WooCommerce Affiliate Plugin – Coupon Affiliates
Application: WooCommerce Affiliate Plugin – Coupon Affiliates
Date: Mar 19, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates allows Reflected XSS.This issue affects Coupon Affiliates: from n/a through 5.12.7.
Affected versions: Min -, max -.
Status: vulnerable

Nov 15, 2024

CVE, Research URL: CVE-2022-4974
Home page URL: Security reports for WooCommerce Affiliate Plugin – Coupon Affiliates
Application: WooCommerce Affiliate Plugin – Coupon Affiliates
Date: Oct 16, 2024
Research Description: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
Affected versions: Min -, max -.
Status: vulnerable

Dec 15, 2024

CVE, Research URL: CVE-2024-12421
Home page URL: Security reports for WooCommerce Affiliate Plugin – Coupon Affiliates
Application: WooCommerce Affiliate Plugin – Coupon Affiliates
Date: Dec 13, 2024
Research Description: The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. This functionality is also vulnerable to Reflected Cross-Site Scripting. The Cross-Site Scripting was patched in version 5.16.7.1, while the arbitrary shortcode execution was patched in 5.16.7.2.
Affected versions: Min -, max -.
Status: vulnerable

Apr 20, 2025

CVE, Research URL: CVE-2025-3598
Home page URL: Security reports for WooCommerce Affiliate Plugin – Coupon Affiliates
Application: WooCommerce Affiliate Plugin – Coupon Affiliates
Date: Apr 18, 2025
Research Description: The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commission_summary parameter in all versions up to, and including, .6.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

Jul 18, 2025

CVE, Research URL: CVE-2025-54022
Home page URL: Security reports for WooCommerce Affiliate Plugin – Coupon Affiliates
Application: WooCommerce Affiliate Plugin – Coupon Affiliates
Date: Jul 16, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Cross Site Request Forgery. This issue affects Coupon Affiliates: from n/a through 6.4.0.
Affected versions: Min -, max -.
Status: vulnerable