BW Coupon Security & Risk Analysis

wordpress.org/plugins/bw-coupon

WooCommerce sellers can create PDF coupons for sale. The customer receives an attached PDF coupon after purchasing the coupon.

10 active installs · v1.5.3 · PHP 8.0+ · WP 4.7+ · Updated Jul 28, 2024
Tags: coupon, pdf, products, woocommerce
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is BW Coupon Safe to Use in 2026?

Generally Safe

Score 92/100

BW Coupon has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "bw-coupon" plugin v1.5.3 exhibits several security concerns despite having no known historical vulnerabilities. The static analysis reveals a significant attack surface, with all 4 REST API routes lacking permission callbacks. This means any authenticated user, potentially even those with minimal privileges, could interact with these endpoints, opening the door for unauthorized actions or data manipulation. Furthermore, the plugin has a moderate concern regarding output escaping, with only 50% of outputs being properly escaped. This increases the risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is directly rendered in the output without sanitization.

The taint analysis shows 2 flows with unsanitized paths, which is a direct indicator of potential vulnerabilities. While these are not classified as critical or high severity, unsanitized paths can still lead to various security issues if they involve user-controlled input that is not properly validated or neutralized. The presence of file operations, while not inherently risky, warrants attention when combined with other vulnerabilities like unsanitized paths, as it could potentially lead to local file inclusion or other file manipulation attacks. The plugin does have some good practices, including some use of prepared statements for SQL queries and the inclusion of a nonce check, but these are overshadowed by the unprotected REST API endpoints and the taint flow issues.

Overall, the plugin's security posture is concerning due to the lack of authorization checks on its REST API and the presence of unsanitized paths in its code. While the absence of known CVEs and a history of vulnerabilities is a positive sign, it does not guarantee the plugin's current security. The identified weaknesses, particularly the unprotected entry points and taint flows, present a tangible risk to WordPress installations. It is recommended to address the permission callbacks on REST API routes and thoroughly review and sanitize the identified unsanitized paths.

Key Concerns

  • REST API routes without permission callbacks
  • Unescaped output (50% proper)
  • Taint flows with unsanitized paths (2 flows)
  • Bundled library 'dompdf'
Vulnerabilities
None known

BW Coupon Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

BW Coupon Release Timeline

v1.5.3 (Current)
v1.5.2
v1.4.9
v1.4.8
Code Analysis
Analyzed Mar 17, 2026

BW Coupon Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 9 (3 prepared)
Unescaped Output: 36 (36 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 7
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

dompdf

SQL Query Safety

25% prepared · 12 total queries

Output Escaping

50% escaped · 72 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
<options-admin-page> (admin\options-admin-page.php:0)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
4 unprotected

BW Coupon Attack Surface

Entry Points: 4
Unprotected: 4

REST API Routes: 4

GET /wp-json/bwc/foo/bar (includes\pdf.php:59)
GET /wp-json/bwc/v1/pdf/(?P<id>\d+) (includes\pdf.php:65)
GET /wp-json/bwc/v1/send_pdf/(?P<id>\d+) (includes\pdf.php:70)
POST /wp-json/bwc/v1/pdf (includes\pdf.php:75)

WordPress Hooks: 28

filter safe_style_css (includes\class-bwc-data.php:374)
filter safe_style_css (includes\class-bwc-data.php:376)
action plugins_loaded (includes\functions.php:25)
filter plugin_row_meta (includes\functions.php:29)
action admin_menu (includes\functions.php:50)
action admin_enqueue_scripts (includes\functions.php:74)
action admin_enqueue_scripts (includes\functions.php:85)
filter manage_edit-shop_order_columns (includes\functions.php:100)
action manage_shop_order_posts_custom_column (includes\functions.php:115)
filter manage_edit-shop_coupon_columns (includes\functions.php:147)
action manage_shop_coupon_posts_custom_column (includes\functions.php:165)
filter post_row_actions (includes\functions.php:209)
action delete_post (includes\functions.php:249)
action edit_post (includes\functions.php:263)
action delete_user (includes\functions.php:285)
action woocommerce_process_product_meta (includes\functions.php:312)
action add_meta_boxes (includes\functions.php:317)
action admin_print_scripts (includes\functions.php:337)
action admin_notices (includes\functions.php:353)
action admin_footer (includes\functions.php:385)
action load-edit.php (includes\functions.php:404)
action woocommerce_order_status_completed (includes\functions.php:491)
action woocommerce_order_status_processing (includes\functions.php:507)
action woocommerce_thankyou (includes\functions.php:525)
action admin_head (includes\pdf.php:24)
filter mce_external_plugins (includes\pdf.php:31)
filter mce_buttons (includes\pdf.php:32)
action rest_api_init (includes\pdf.php:56)
Maintenance & Trust

BW Coupon Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Jul 28, 2024
PHP min version: 8.0
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

BW Coupon Developer Profile

Myridia Company

4 plugins · 10 total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect BW Coupon

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bw-coupon/admin/js/bwc.js
/wp-content/plugins/bw-coupon/admin/css/styles.css

HTML / DOM Fingerprints

CSS Classes
bwc_preview_pdf
bwc_email_pdf
Data Attributes
data-coupon
data-domain