Coupon Creator Security & Risk Analysis

wordpress.org/plugins/coupon-creator

Create coupons to display on your site by using a shortcode.

2K active installs v3.4.3 PHP 7.4+ WP 6.5+ Updated Nov 5, 2025
coupon, custom-post-type, shortcode
100 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Sep 16, 2020
Safety Verdict

Is Coupon Creator Safe to Use in 2026?

Generally Safe

Score 100/100

Coupon Creator has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Sep 16, 2020 · Updated 4mo ago
Risk Assessment

The "coupon-creator" v3.4.3 plugin exhibits a mixed security posture. While it demonstrates good practices in some areas, such as a high percentage of SQL queries using prepared statements and proper output escaping, there are notable concerns. The presence of 3 AJAX handlers without authentication checks presents a significant attack surface, potentially allowing unauthorized actions. Furthermore, the taint analysis revealed a high severity flow with unsanitized paths, which could lead to vulnerabilities if not properly handled. The plugin's vulnerability history shows only one medium severity CVE, which is now patched, indicating that past issues have been addressed. However, the recurrence of such issues, even if medium, coupled with the current code signals, suggests a need for continued vigilance. The outdated bundled jQuery library also poses a potential risk. Overall, the plugin has strengths in data handling but weaknesses in access control for AJAX endpoints and potential data sanitization, requiring careful consideration.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flow with unsanitized paths
  • Bundled outdated jQuery v1.10.2
  • Dangerous function 'exec' used
Vulnerabilities
1

Coupon Creator Security Vulnerabilities

CVEs by Year

1 CVE in 2020

Severity Breakdown

Medium: 1

1 total CVE

CVE-2020-36751 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Coupon Creator <= 3.1 - Cross-Site Request Forgery Bypass

Sep 16, 2020 · Patched in 3.1.1 (1224d)
Code Analysis
Analyzed Mar 16, 2026

Coupon Creator Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 11 (32 prepared)
Unescaped Output: 181 (933 escaped)
Nonce Checks: 19
Capability Checks: 18
File Operations: 2
External Requests: 10
Bundled Libraries: 2

Dangerous Functions Found

exec · return exec( 'whoami' ); · plugin-engine\src\Pngx\Admin\Support.php:551
exec · $path = exec( "which $program" ); · plugin-engine\src\Pngx\Admin\Support.php:574
exec · $path = exec( "where $program" ); · plugin-engine\src\Pngx\Admin\Support.php:576

Bundled Libraries

jQuery 1.10.2, Select2

SQL Query Safety

74% prepared · 43 total queries

Output Escaping

84% escaped · 1114 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

16 flows · 8 with unsanitized paths
license_update (plugin-engine\src\Pngx\Admin\EDD_License.php:204)
Attack Surface
3 unprotected

Coupon Creator Attack Surface

Entry Points: 10
Unprotected: 3

AJAX Handlers 9

auth · wp_ajax_pngx_templates · plugin-engine\src\Pngx\Admin\Ajax.php:13
auth · wp_ajax_pngx_variety · plugin-engine\src\Pngx\Admin\Ajax.php:14
auth · wp_ajax_pngx_repeatable · plugin-engine\src\Pngx\Admin\Ajax.php:15
auth · wp_ajax_pngx_license_update · plugin-engine\src\Pngx\Admin\EDD_License.php:30
auth · wp_ajax_pngx_notice_dismiss · plugin-engine\src\Pngx\Admin\Notices.php:83
auth · wp_ajax_pngx_dropdown · plugin-engine\src\Pngx\Ajax\Dropdown.php:24
nopriv · wp_ajax_pngx_dropdown · plugin-engine\src\Pngx\Ajax\Dropdown.php:25
auth · wp_ajax_pngx_logging_controls · plugin-engine\src\Pngx\Log\Admin.php:5
auth · wp_ajax_goodbye_form · src\tracking\class-plugin-usage-tracker.php:118

Shortcodes 1

[coupon] · src\Cctor\Provider.php:77

WordPress Hooks 145

filter · wisdom_form_text_coupon_creator · coupon_creator.php:77
filter · pre_set_site_transient_update_plugins · plugin-engine\src\Pngx\Admin\EDD_License.php:32
filter · pre_set_site_transient_update_plugins · plugin-engine\src\Pngx\Admin\EDD_Plugin_Updater.php:70
filter · plugins_api · plugin-engine\src\Pngx\Admin\EDD_Plugin_Updater.php:71
action · admin_init · plugin-engine\src\Pngx\Admin\EDD_Plugin_Updater.php:74
filter · pre_set_site_transient_update_plugins · plugin-engine\src\Pngx\Admin\EDD_Plugin_Updater.php:195
action · init · plugin-engine\src\Pngx\Admin\Main.php:21
action · admin_init · plugin-engine\src\Pngx\Admin\Main.php:27
action · admin_enqueue_scripts · plugin-engine\src\Pngx\Admin\Main.php:37
action · admin_enqueue_scripts · plugin-engine\src\Pngx\Admin\Main.php:39
action · save_post · plugin-engine\src\Pngx\Admin\Meta.php:41
action · pngx_meta_message · plugin-engine\src\Pngx\Admin\Meta.php:43
action · current_screen · plugin-engine\src\Pngx\Admin\Notices.php:91
action · admin_menu · plugin-engine\src\Pngx\Admin\Options.php:62
action · admin_init · plugin-engine\src\Pngx\Admin\Options.php:63
action · admin_init · plugin-engine\src\Pngx\Admin\Options.php:66
action · pngx_before_option_form · plugin-engine\src\Pngx\Admin\Options.php:69
action · pngx_after_option_form · plugin-engine\src\Pngx\Admin\Options.php:70
filter · admin_body_class · plugin-engine\src\Pngx\Admin\Options.php:71
action · init · plugin-engine\src\Pngx\Assets.php:44
action · save_post · plugin-engine\src\Pngx\Cache_Listener.php:41
action · updated_option · plugin-engine\src\Pngx\Cache_Listener.php:42
filter · cron_schedules · plugin-engine\src\Pngx\Cron_20.php:22
filter · cron_schedules · plugin-engine\src\Pngx\Cron_20.php:23
action · init · plugin-engine\src\Pngx\Log\Admin.php:6
action · plugins_loaded · plugin-engine\src\Pngx\Main.php:201
action · init · plugin-engine\src\Pngx\Main.php:217
action · plugins_loaded · plugin-engine\src\Pngx\Main.php:329
action · plugins_loaded · plugin-engine\src\Pngx\Main.php:330
filter · cron_schedules · plugin-engine\src\Pngx\Process\Queue.php:131
filter · post_updated_messages · plugin-engine\src\Pngx\Register_Post_Type.php:23
filter · enter_title_here · plugin-engine\src\Pngx\Register_Post_Type.php:25
action · pngx_engine_loaded · plugin-engine\src\Pngx\Service_Providers\Carousel.php:42
filter · pngx_template_public_namespace · plugin-engine\src\Pngx\Service_Providers\Carousel.php:43
action · pngx_engine_loaded · plugin-engine\src\Pngx\Service_Providers\Dialog.php:42
filter · pngx_template_public_namespace · plugin-engine\src\Pngx\Service_Providers\Dialog.php:43
action · admin_init · plugin-engine\src\Pngx\Traits\With_Nonce_Routes.php:126
action · pngx_events_update_meta · plugin-engine\src\Pngx\Utilities\Dates\Known_Range.php:157
action · deleted_post · plugin-engine\src\Pngx\Utilities\Dates\Known_Range.php:169
filter · pre_update_option_gmt_offset · plugin-engine\src\Pngx\Utilities\Dates\Timezones.php:33
filter · pre_update_option_timezone_string · plugin-engine\src\Pngx\Utilities\Dates\Timezones.php:34
filter · post_row_actions · src\Cctor\Admin\Columns.php:25
filter · manage_edit-cctor_coupon_columns · src\Cctor\Admin\Columns.php:28
action · manage_posts_custom_column · src\Cctor\Admin\Columns.php:31
action · admin_action_pngx_duplicate_coupon · src\Cctor\Admin\Duplicate\Coupons.php:53
filter · post_row_actions · src\Cctor\Admin\Duplicate\Coupons.php:54
action · media_buttons · src\Cctor\Admin\Inserter.php:23
action · admin_footer · src\Cctor\Admin\Inserter.php:43
action · admin_init · src\Cctor\Admin\License_Setup.php:52
action · admin_init · src\Cctor\Admin\License_Setup.php:53
action · admin_init · src\Cctor\Admin\Main.php:19
action · admin_init · src\Cctor\Admin\Main.php:22
action · add_meta_boxes · src\Cctor\Admin\Meta.php:45
action · edit_form_after_title · src\Cctor\Admin\Meta.php:48
action · edit_form_after_title · src\Cctor\Admin\Meta.php:49
filter · pngx-default-template · src\Cctor\Admin\Meta.php:52
filter · pngx_before_save_meta_fields · src\Cctor\Admin\Meta.php:55
action · pngx_meta_message · src\Cctor\Admin\Meta.php:96
action · pngx_meta_message · src\Cctor\Admin\Meta.php:97
action · init · src\Cctor\Admin\Options.php:48
action · admin_init · src\Cctor\Admin\Options.php:55
filter · pngx_options_name_id · src\Cctor\Admin\Options.php:58
action · pngx_flush_permalinks · src\Cctor\Admin\Options.php:60
action · admin_init · src\Cctor\Admin\Options.php:63
action · pngx_before_option_form · src\Cctor\Admin\Options.php:66
action · pngx_after_option_form · src\Cctor\Admin\Options.php:67
filter · pngx-system-info-options-coupon · src\Cctor\Admin\Options.php:70
filter · pngx-option-fields-coupon · src\Cctor\Admin\Options.php:73
filter · pngx-support-info-coupon · src\Cctor\Admin\Options.php:76
filter · admin_body_class · src\Cctor\Admin\Options.php:78
action · admin_init · src\Cctor\Admin\Pro_License_Pre_24.php:27
action · admin_init · src\Cctor\Admin\Pro_License_Pre_24.php:28
action · enqueue_block_editor_assets · src\Cctor\Assets.php:17
action · enqueue_block_editor_assets · src\Cctor\Assets.php:18
action · enqueue_block_editor_assets · src\Cctor\Assets.php:19
action · wp_enqueue_scripts · src\Cctor\Assets.php:21
action · wp_enqueue_scripts · src\Cctor\Assets.php:22
filter · pngx_template_path_list · src\Cctor\Hooks.php:45
action · enqueue_block_editor_assets · src\Cctor\I18n.php:17
action · plugins_loaded · src\Cctor\Main.php:125
action · plugins_loaded · src\Cctor\Main.php:126
action · pngx_engine_loaded · src\Cctor\Main.php:212
action · admin_notices · src\Cctor\Main.php:217
action · admin_notices · src\Cctor\Main.php:239
action · init · src\Cctor\Main.php:268
action · admin_head · src\Cctor\Main.php:347
action · admin_notices · src\Cctor\Main.php:375
action · network_admin_notices · src\Cctor\Main.php:376
filter · cctor_filter_meta_template_fields · src\Cctor\Meta\Fields.php:19
filter · pngx_meta_fields · src\Cctor\Meta\Fields.php:20
filter · pngx_meta_template_fields · src\Cctor\Meta\Fields.php:21
action · init · src\Cctor\Provider.php:58
action · init · src\Cctor\Provider.php:59
action · pre_get_posts · src\Cctor\Provider.php:60
filter · pngx_register_cctor_coupon_type_args · src\Cctor\Provider.php:65
filter · pngx_register_cctro_coupon_type_args · src\Cctor\Provider.php:67
action · init · src\Cctor\Provider.php:70
action · pngx_editor_register_blocks · src\Cctor\Provider.php:73
action · cctor_before_coupon · src\Cctor\Provider.php:78
action · init · src\Cctor\Provider.php:79
filter · cctor_filter_terms_tags · src\Cctor\Provider.php:80
filter · the_content · src\Cctor\Provider.php:82
action · cctor_action_print_template · src\Cctor\Provider.php:86
filter · template_include · src\Cctor\Provider.php:87
action · coupon_print_head · src\Cctor\Provider.php:88
action · parse_query · src\Cctor\Provider.php:91
filter · pngx_filter_content · src\Cctor\Provider.php:94
action · admin_init · src\Cctor\Provider.php:121
action · admin_enqueue_scripts · src\Cctor\Provider.php:124
filter · plugin_action_links · src\Cctor\Provider.php:127
action · admin_menu · src\Cctor\Provider.php:128
action · admin_init · src\Cctor\Provider.php:129
action · admin_init · src\Cctor\Provider.php:133
filter · pngx_field_types · src\Cctor\Provider.php:136
action · coupon_print_meta · src\functions\template-build\cctor-print-build.php:17
action · coupon_print_meta · src\functions\template-build\cctor-print-build.php:19
action · coupon_print_meta · src\functions\template-build\cctor-print-build.php:21
filter · cctor_print_image_url · src\functions\template-build\cctor-print-build.php:23
filter · cctor_print_outer_content_wrap · src\functions\template-build\cctor-print-build.php:25
action · cctor_print_image_coupon · src\functions\template-build\cctor-print-build.php:27
filter · cctor_print_inner_content_wrap · src\functions\template-build\cctor-print-build.php:29
action · cctor_print_coupon_deal · src\functions\template-build\cctor-print-build.php:31
action · cctor_print_coupon_terms · src\functions\template-build\cctor-print-build.php:33
action · cctor_print_coupon_expiration · src\functions\template-build\cctor-print-build.php:35
action · cctor_click_to_print_coupon · src\functions\template-build\cctor-print-build.php:37
action · cctor_print_no_show_coupon · src\functions\template-build\cctor-print-build.php:39
filter · cctor_image_url · src\functions\template-build\cctor-shortcode-build.php:12
filter · cctor_outer_content_wrap · src\functions\template-build\cctor-shortcode-build.php:14
action · cctor_img_coupon · src\functions\template-build\cctor-shortcode-build.php:16
filter · cctor_inner_content_wrap · src\functions\template-build\cctor-shortcode-build.php:18
action · cctor_coupon_deal · src\functions\template-build\cctor-shortcode-build.php:20
action · cctor_coupon_terms · src\functions\template-build\cctor-shortcode-build.php:22
action · cctor_coupon_expiration · src\functions\template-build\cctor-shortcode-build.php:24
action · cctor_coupon_link · src\functions\template-build\cctor-shortcode-build.php:26
action · cctor_no_show_coupon · src\functions\template-build\cctor-shortcode-build.php:28
action · cctor_no_show_coupon · src\functions\template-build\cctor-shortcode-build.php:30
action · after_switch_theme · src\tracking\class-plugin-usage-tracker.php:75
action · switch_theme · src\tracking\class-plugin-usage-tracker.php:76
filter · cron_schedules · src\tracking\class-plugin-usage-tracker.php:103
action · put_do_weekly_action · src\tracking\class-plugin-usage-tracker.php:105
action · admin_init · src\tracking\class-plugin-usage-tracker.php:111
action · admin_notices · src\tracking\class-plugin-usage-tracker.php:112
action · admin_notices · src\tracking\class-plugin-usage-tracker.php:113
action · admin_footer-plugins.php · src\tracking\class-plugin-usage-tracker.php:117
action · admin_init · src\tracking\class-plugin-usage-tracker.php:741

Scheduled Events 1

put_do_weekly_action
Maintenance & Trust

Coupon Creator Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 5, 2025
PHP min version: 7.4
Downloads: 204K

Community Trust

Rating: 86/100
Number of ratings: 37
Active installs: 2K
Developer Profile

Coupon Creator Developer Profile

Brian

1 plugin · 2K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 1224 days
Detection Fingerprints

How We Detect Coupon Creator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/coupon-creator/assets/css/coupon-creator-styles.css
/wp-content/plugins/coupon-creator/assets/js/coupon-creator-frontend.js
/wp-content/plugins/coupon-creator/assets/js/coupon-creator-admin.js
Script Paths
/wp-content/plugins/coupon-creator/assets/js/coupon-creator-frontend.js
/wp-content/plugins/coupon-creator/assets/js/coupon-creator-admin.js
Version Parameters
coupon-creator/assets/css/coupon-creator-styles.css?ver=
coupon-creator/assets/js/coupon-creator-frontend.js?ver=
coupon-creator/assets/js/coupon-creator-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
coupon-creator-coupon
coupon-creator-coupon-wrapper
coupon-creator-coupon-title
coupon-creator-coupon-description
coupon-creator-coupon-image
coupon-creator-coupon-details
coupon-creator-coupon-expired
coupon-creator-coupon-button
+1 more
HTML Comments
<!-- Generated by Coupon Creator -->
Data Attributes
data-coupon-id
data-coupon-title
data-coupon-print-url
JS Globals
coupon_creator_vars
Shortcode Output
[coupon couponid=
[coupon couponid=
[coupon-print
FAQ

Frequently Asked Questions about Coupon Creator