Threat Entry Updated 2025-04-21

CVE-2025-3598 - Woo Coupon Usage Plugin

The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commission_summary parameter in all versions up to, and including, .6.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Woo Coupon Usage

CVE-2025-3598

MEDIUM CVSS 6.1 2025-04-18

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-12-13

CVE-2024-12421 - Woo Coupon Usage Plugin

The The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. This functionality is also vulnerable to Reflected Cross-Site Scripting. The Cross-Site Scripting was patched in version 5.16.7.1, while the arbitrary shortcode execution was patched in 5.16.7.2.

PLUGIN Woo Coupon Usage

CVE-2024-12421

MEDIUM CVSS 6.5 2024-12-13

Risk Score

Open Full Technical Breakdown