Coupon Plugin Security & Risk Analysis

wordpress.org/plugins/coupon-lite

A powerful coupon plugin for affiliate marketers and bloggers to create responsive and customizable coupon and deal boxes in WordPress.

300 active installs · v1.2.2 · PHP 7.4+ · WP 4.5+ · Updated Jan 2, 2025
Tags: affiliate-marketing, affiliate-plugin, coupon, deal, wordpress-coupons
Score: 70 (B · Generally Safe)
CVEs total: 2
Unpatched: 1
Last CVE: Jan 6, 2025

Safety Verdict

Is Coupon Plugin Safe to Use in 2026?

Mostly Safe

Score 70/100

Coupon Plugin is generally safe to use though it hasn't been updated recently. 2 past CVEs were resolved. Keep it updated.

2 known CVEs · 1 unpatched · Last CVE: Jan 6, 2025 · Updated 1yr ago

Risk Assessment

The "coupon-lite" plugin v1.2.2 exhibits a mixed security posture. On one hand, it demonstrates good practices, with 100% of SQL queries using prepared statements and a reasonable number of nonce and capability checks. On the other hand, output escaping is a significant concern: only 22% of outputs are properly escaped, indicating a high potential for Cross-Site Scripting (XSS) vulnerabilities. While the static analysis reported no critical or high severity taint flows, the vulnerability history reveals two known medium severity CVEs, both related to XSS, with one still unpatched. This pattern suggests that while the developers are addressing some security issues, persistent weaknesses remain, particularly in sanitizing input before it is output, and these lead to recurring XSS flaws. The plugin has a small attack surface, but the lack of comprehensive output escaping and the presence of an unpatched XSS vulnerability are key weaknesses that elevate the risk.

Key Concerns

  • Unpatched CVE
  • Low output escaping percentage
  • Medium severity CVEs in history
Vulnerabilities
2

Coupon Plugin Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE (unpatched)
  • 2025: 1 CVE

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2024-12516 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Coupon Plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 6, 2025 · Patched in 1.2.2 (1d)

CVE-2024-56235 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Coupon <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 19, 2024 · Unpatched

Code Analysis
Analyzed Mar 16, 2026

Coupon Plugin Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 29 (8 escaped)
  • Nonce Checks: 2
  • Capability Checks: 1
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

22% escaped · 37 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
coupon_click (src\custom\helpers\functions.php:209)
Attack Surface

Coupon Plugin Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

  • [couponplugin] · src\custom\shortcode\shortcode.php:13

WordPress Hooks: 25

  • action · init · coupon-plugin-lite.php:68
  • action · admin_menu · src\custom\admin\admin.php:15
  • action · admin_init · src\custom\admin\admin.php:16
  • action · admin_enqueue_scripts · src\custom\helpers\functions.php:18
  • action · wp_enqueue_scripts · src\custom\helpers\functions.php:19
  • action · manage_coupon_posts_custom_column · src\custom\helpers\functions.php:20
  • action · wp_footer · src\custom\helpers\functions.php:21
  • action · wp_enqueue_scripts · src\custom\helpers\functions.php:22
  • action · cp_code_box · src\custom\helpers\functions.php:23
  • action · admin_notices · src\custom\helpers\functions.php:30
  • filter · enter_title_here · src\custom\helpers\functions.php:32
  • filter · manage_coupon_posts_columns · src\custom\helpers\functions.php:33
  • action · admin_footer · src\custom\helpers\functions.php:72
  • action · add_meta_boxes · src\custom\meta\meta-box.php:14
  • action · add_meta_boxes · src\custom\meta\meta-box.php:15
  • action · save_post_coupon · src\custom\meta\meta-box.php:16
  • action · coupon-store_edit_form_fields · src\custom\meta\term-meta.php:14
  • action · edit_coupon-store · src\custom\meta\term-meta.php:15
  • action · init · src\custom\post-type\coupon.php:14
  • action · save_post_coupon · src\custom\taxonomy\config.php:14
  • action · init · src\custom\taxonomy\custom-taxonomy.php:14
  • action · restrict_manage_posts · src\custom\taxonomy\custom-taxonomy.php:27
  • action · restrict_manage_posts · src\custom\taxonomy\custom-taxonomy.php:53
  • filter · parse_query · src\custom\taxonomy\custom-taxonomy.php:79
  • filter · parse_query · src\custom\taxonomy\custom-taxonomy.php:98

Maintenance & Trust

Coupon Plugin Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Jan 2, 2025
  • PHP min version: 7.4
  • Downloads: 12K

Community Trust

  • Rating: 96/100
  • Number of ratings: 4
  • Active installs: 300

Developer Profile

Coupon Plugin Developer Profile

Vicky Kumar

1 plugin · 300 total installs

  • Trust score: 79
  • Avg Security Score: 70/100
  • Avg Patch Time: 1 day
Detection Fingerprints

How We Detect Coupon Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/coupon-lite/assets/css/cp-admin.css
  • /wp-content/plugins/coupon-lite/assets/css/cp-admin-datetime.css
  • /wp-content/plugins/coupon-lite/assets/css/cp-frontend.css
  • /wp-content/plugins/coupon-lite/assets/js/cp-admin.js
  • /wp-content/plugins/coupon-lite/assets/js/cp-admin-datetime.js
  • /wp-content/plugins/coupon-lite/assets/js/cp-frontend.js

Script Paths

  • /wp-content/plugins/coupon-lite/assets/js/cp-admin.js
  • /wp-content/plugins/coupon-lite/assets/js/cp-admin-datetime.js
  • /wp-content/plugins/coupon-lite/assets/js/cp-frontend.js

Version Parameters

  • coupon-lite/assets/css/cp-admin.css?ver=
  • coupon-lite/assets/css/cp-admin-datetime.css?ver=
  • coupon-lite/assets/css/cp-frontend.css?ver=
  • coupon-lite/assets/js/cp-admin.js?ver=
  • coupon-lite/assets/js/cp-admin-datetime.js?ver=
  • coupon-lite/assets/js/cp-frontend.js?ver=

HTML / DOM Fingerprints

  • CSS Classes: cp-color-field
  • Data Attributes: data-id
  • Shortcode Output: [couponplugin id="