cleantalk
Vulnerabilities and Security Researches

WooCommerce Affiliate Plugin – Coupon Affiliates, CVE-2025-54022

CVE, Research URL

CVE-2025-54022

Home page URL

Security reports for WooCommerce Affiliate Plugin – Coupon Affiliates

Application

WooCommerce Affiliate Plugin – Coupon Affiliates

Published on
Jul 16, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Cross Site Request Forgery. This issue affects Coupon Affiliates: from n/a through 6.4.0.
Affected versions
Min -, max 6.4.1.
Status
vulnerable
Previous vulnerability researches
BuddyPress & BuddyBoss Member Profile Forms (053af10176d1dc3feead6bb1c45f871d35190797) , Jun 07, 2024
New vulnerability
Torod – The smart shipping and delivery portal for e-shops and retailers (CVE-2025-30936) , Jul 19, 2025
Ultimate Push Notifications ( Mobile / Desktop ), Receive Notification From WooCommerce, BuddyPress, WordPress Default Events & (CVE-2025-50028) , Jul 19, 2025
Welcart e-Commerce (CVE-2025-54013) , Jul 19, 2025
CM Popup Plugin for WordPress – Popup Maker (CVE-2025-54018) , Jul 19, 2025
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (CVE-2025-2800) , Jul 19, 2025