cleantalk
Vulnerabilities and Security Researches

WooCommerce Affiliate Plugin – Coupon Affiliates, CVE-2025-3598

CVE, Research URL

CVE-2025-3598

Home page URL

Security reports for WooCommerce Affiliate Plugin – Coupon Affiliates

Application

WooCommerce Affiliate Plugin – Coupon Affiliates

Published on
Apr 18, 2025
Research Description
The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commission_summary parameter in all versions up to, and including, .6.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 6.3.1.
Status
vulnerable
Previous vulnerability researches
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2025-3598) , Apr 20, 2025
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2024-12421) , Dec 15, 2024
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2023-30475) , Jun 06, 2024
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2022-0818) , Jun 06, 2024
WooCommerce Affiliate Plugin – Coupon Affiliates (CVE-2023-28992) , Jun 06, 2024
New vulnerability
Wallet System for WooCommerce – Digital Wallet, Cashback Rewards, Recharge User Wallets, View Transaction History (CVE-2025-54041) , Jul 19, 2025
Chatbox Manager (CVE-2025-48167) , Jul 19, 2025
Zuppler Online Ordering (CVE-2025-6053) , Jul 19, 2025
Counter live visitors for WooCommerce (CVE-2025-7359) , Jul 19, 2025
AntiSpam for Contact Form 7 (CVE-2025-54020) , Jul 19, 2025