Coupon Affiliates
Monthly
Sensitive data exposure in the Coupon Affiliates WordPress plugin (versions 7.8.1 and earlier) allows remote unauthenticated attackers to retrieve confidential subscriber information over the network without any user interaction. The flaw, reported by Patchstack and classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), carries a CVSS 7.5 score reflecting high confidentiality impact with no integrity or availability consequences. No public exploit identified at time of analysis.
Unauthenticated reflected/stored cross-site scripting in the Coupon Affiliates WordPress plugin (versions up to and including 7.5.3) allows remote attackers to inject malicious script that executes in a victim's browser after user interaction. The CVSS 3.1 score of 7.1 with scope change (S:C) indicates impact beyond the vulnerable component, typical of XSS reaching the WordPress admin or affiliate context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Sensitive data exposure in the Coupon Affiliates WordPress plugin (versions 7.8.1 and earlier) allows remote unauthenticated attackers to retrieve confidential subscriber information over the network without any user interaction. The flaw, reported by Patchstack and classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), carries a CVSS 7.5 score reflecting high confidentiality impact with no integrity or availability consequences. No public exploit identified at time of analysis.
Unauthenticated reflected/stored cross-site scripting in the Coupon Affiliates WordPress plugin (versions up to and including 7.5.3) allows remote attackers to inject malicious script that executes in a victim's browser after user interaction. The CVSS 3.1 score of 7.1 with scope change (S:C) indicates impact beyond the vulnerable component, typical of XSS reaching the WordPress admin or affiliate context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.