Does 27coupons have any unpatched vulnerabilities?

No. All known vulnerabilities in 27coupons have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is 27coupons compatible with WordPress 3.9.40?

According to WordPress.org data, 27coupons 3.0 has been tested up to WordPress 3.9.40. Check the plugin's changelog for the latest compatibility information.

How often is 27coupons updated?

27coupons was last updated on May 9, 2014. Frequent updates are generally a positive security signal.

What is 27coupons's security score?

27coupons has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

27coupons Security & Risk Analysis

wordpress.org/plugins/27coupons

This plugin will create a widget which will display latest discount coupons of Indian shopping websites from 27coupons.com.

10 active installs v3.0 PHP + WP 2.8.2+ Updated May 9, 2014

27couponsdiscount-couponsindia-shoppingshopping-deals

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is 27coupons Safe to Use in 2026?

Generally Safe

Score 85/100

27coupons has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The static analysis of the 27coupons v3.0 plugin reveals a mixed security posture. On the positive side, the plugin demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and it has no recorded vulnerability history (CVEs). Furthermore, the attack surface appears minimal, with no AJAX handlers, REST API routes, shortcodes, or cron events identified, and no taint flows were detected, suggesting a lack of obvious injection vulnerabilities.

However, significant concerns arise from the code signals. The presence of the `create_function` function is a notable risk, as it can be a vector for code injection if used with user-supplied input, although the analysis did not detect any taint flows related to it. The most critical weakness is the complete lack of output escaping for all identified output points. This presents a high risk of Cross-Site Scripting (XSS) vulnerabilities, as any data displayed to users without proper sanitization could be manipulated to execute malicious scripts.

In conclusion, while the absence of CVEs and a controlled attack surface are strengths, the critical flaw in output escaping and the use of the `create_function` function represent significant security weaknesses that require immediate attention. The plugin would benefit from comprehensive output sanitization and a review of how `create_function` is being utilized.

Key Concerns

All output is unescaped
Dangerous function used: create_function
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

27coupons Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

27coupons Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_action( 'widgets_init', create_function('', 'return register_widget("CouponsWidget");') );?>27coupons.php:130

Output Escaping

0% escaped20 total outputs

Attack Surface

27coupons Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actionwidgets_init27coupons.php:130

Maintenance & Trust

27coupons Maintenance & Trust

Maintenance Signals

WordPress version tested3.9.40

Last updatedMay 9, 2014

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

27coupons Alternatives

Thankyou Coupons for WooCommerce

thankyou-coupons-for-wc

100

Help drive loyalty and repeat purchases whilst rewarding qualified paying customers by generating a personal dynamic coupon on the WooCommerce thankyo …

100 No CVEs

Reviewify — Review Discounts & Photo/Video Reviews for WooCommerce

review-for-discount

Reviewify helps you collect photo & video reviews, reward customers with coupons, and automate WooCommerce review emails.

30 1 CVE

Developer Profile

27coupons Developer Profile

diffion

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect 27coupons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters

27coupons/style.css?ver=27coupons/script.js?ver=

HTML / DOM Fingerprints

CSS Classes

CouponsWidgetwidget_27boxsmall_27c-dealsc-storec-coupon

Data Attributes

id="CouponsWidget"data-api-keydata-num-couponsdata-title

JS Globals

window.CouponsWidget

Shortcode Output

<div class="CouponsWidget">

FAQ