Skip to main content

Coupon Affiliates

3 CVEs product

Monthly

CVE-2026-49068 HIGH This Week

Sensitive data exposure in the Coupon Affiliates WordPress plugin (versions 7.8.1 and earlier) allows remote unauthenticated attackers to retrieve confidential subscriber information over the network without any user interaction. The flaw, reported by Patchstack and classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), carries a CVSS 7.5 score reflecting high confidentiality impact with no integrity or availability consequences. No public exploit identified at time of analysis.

Information Disclosure Coupon Affiliates
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-40770 HIGH This Week

Unauthenticated reflected/stored cross-site scripting in the Coupon Affiliates WordPress plugin (versions up to and including 7.5.3) allows remote attackers to inject malicious script that executes in a victim's browser after user interaction. The CVSS 3.1 score of 7.1 with scope change (S:C) indicates impact beyond the vulnerable component, typical of XSS reaching the WordPress admin or affiliate context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Coupon Affiliates
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-28992 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Coupon Affiliates
NVD
CVSS 3.1
6.1
EPSS
0.4%
EPSS 0% CVSS 7.5
HIGH This Week

Sensitive data exposure in the Coupon Affiliates WordPress plugin (versions 7.8.1 and earlier) allows remote unauthenticated attackers to retrieve confidential subscriber information over the network without any user interaction. The flaw, reported by Patchstack and classified as CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere), carries a CVSS 7.5 score reflecting high confidentiality impact with no integrity or availability consequences. No public exploit identified at time of analysis.

Information Disclosure Coupon Affiliates
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Unauthenticated reflected/stored cross-site scripting in the Coupon Affiliates WordPress plugin (versions up to and including 7.5.3) allows remote attackers to inject malicious script that executes in a victim's browser after user interaction. The CVSS 3.1 score of 7.1 with scope change (S:C) indicates impact beyond the vulnerable component, typical of XSS reaching the WordPress admin or affiliate context. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Coupon Affiliates
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Coupon Affiliates
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy