WP-Safety

Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce Security & Risk Analysis

wordpress.org/plugins/coupon-x-discount-pop-up

Boost sales with engaging discount pop ups, coupon widgets, promo code pop up & coupon codes! Generate unique promo codes or use existing codes 🛒

1K active installs v1.4.5 PHP + WP 3.1+ Updated Apr 15, 2026
coupon-popupsdiscount-pop-uppop-uppop-upspromo-pop-ups
98
A · Safe
CVEs total2
Unpatched0
Last CVEJan 10, 2025
Download
Safety Verdict

Is Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce Safe to Use in 2026?

Generally Safe

Score 98/100

Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Jan 10, 2025Updated 1mo ago
Risk Assessment

The "coupon-x-discount-pop-up" plugin v1.4.5 exhibits a mixed security posture. While it demonstrates good practices in areas like prepared SQL statements and output escaping, significant concerns remain. The presence of 15 AJAX handlers, with one lacking authentication checks, presents a direct and potentially exploitable attack vector. The use of the `unserialize` function, especially without explicit context on its data source, is a red flag for deserialization vulnerabilities.

Taint analysis shows no critical or high severity unsanitized paths, which is a positive indicator. However, the plugin's vulnerability history is concerning, with two known CVEs, including a high and a medium severity vulnerability. The common vulnerability types of "Deserialization of Untrusted Data" and "Missing Authorization" align directly with the potential risks identified in the static analysis. The fact that the last vulnerability was in early 2025 suggests a pattern of past security weaknesses that require diligent monitoring.

In conclusion, while the plugin incorporates some robust security measures, the unprotected AJAX handler and the historical recurrence of authorization and deserialization issues necessitate a cautious approach. The plugin's strengths lie in its generally good SQL and output sanitization, but these are overshadowed by the potential for privilege escalation or arbitrary code execution through the identified entry points and past vulnerabilities.

Key Concerns

  • AJAX handler without auth check
  • Dangerous function used (unserialize)
  • Past High severity vulnerability
  • Past Medium severity vulnerability
  • Bundled library: Select2
  • Bundled library: DataTables
Vulnerabilities
2 published

Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce Security Vulnerabilities

CVEs by Year

2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
1

2 total CVEs

CVE-2024-12627high · 7.5Deserialization of Untrusted Data

Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection

Jan 10, 2025 Patched in 1.3.6 (1d)
CVE-2024-12204medium · 5.4Missing Authorization

Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization

Jan 10, 2025 Patched in 1.3.6 (1d)
Version History

Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce Release Timeline

v1.4.5Current
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.9
v1.3.8
v1.3.7
v1.3.6
v1.3.52 CVEs
CVE-2024-12627 CVE-2024-12204
v1.3.42 CVEs
CVE-2024-12627 CVE-2024-12204
v1.3.32 CVEs
CVE-2024-12627 CVE-2024-12204
v1.3.22 CVEs
CVE-2024-12627 CVE-2024-12204
v1.3.12 CVEs
CVE-2024-12627 CVE-2024-12204
v1.32 CVEs
CVE-2024-12627 CVE-2024-12204
v1.2.92 CVEs
CVE-2024-12627 CVE-2024-12204
v1.2.82 CVEs
CVE-2024-12627 CVE-2024-12204
v1.2.72 CVEs
CVE-2024-12627 CVE-2024-12204
v1.2.62 CVEs
CVE-2024-12627 CVE-2024-12204
Code Analysis
Analyzed Mar 16, 2026

Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce Code Analysis

Dangerous Functions
1
Raw SQL Queries
3
32 prepared
Unescaped Output
117
1462 escaped
Nonce Checks
17
Capability Checks
20
File Operations
0
External Requests
8
Bundled Libraries
2

Dangerous Functions Found

unserialize$widget_settings = unserialize($widget->post_content);inc\class-coupon-x.php:52

Bundled Libraries

Select2DataTables

SQL Query Safety

91% prepared35 total queries

Output Escaping

93% escaped1579 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

3 flows
create_widget (inc\class-create-widget.php:217)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce Attack Surface

Entry Points15
Unprotected1

AJAX Handlers 15

authwp_ajax_update_popup_statusinc\class-cx-rest.php:31
authwp_ajax_create_cx_widgetinc\class-cx-rest.php:32
authwp_ajax_update_statusinc\class-cx-rest.php:33
authwp_ajax_delete_widgetinc\class-cx-rest.php:34
authwp_ajax_delete_leadsinc\class-cx-rest.php:35
authwp_ajax_update_widget_statsinc\class-cx-rest.php:38
noprivwp_ajax_update_widget_statsinc\class-cx-rest.php:39
authwp_ajax_capture_emailinc\class-cx-rest.php:40
noprivwp_ajax_capture_emailinc\class-cx-rest.php:41
authwp_ajax_generate_couponinc\class-cx-rest.php:42
noprivwp_ajax_generate_couponinc\class-cx-rest.php:43
authwp_ajax_coupon_x_plugin_deactivateinc\class-dashboard.php:41
authwp_ajax_cx_admin_send_message_to_ownerinc\class-dashboard.php:42
authwp_ajax_search_woo_productinc\class-dashboard.php:45
authwp_ajax_coupon_x_update_signup_statusinc\class-email-signup.php:47
WordPress Hooks 22
actionadmin_initcoupon-x-for-wc.php:94
actioninitinc\class-coupon-x.php:28
actionadmin_initinc\class-coupon-x.php:29
actionadmin_initinc\class-coupon-x.php:30
actionplugins_loadedinc\class-coupon-x.php:31
actionadmin_footerinc\class-coupon-x.php:32
actionwp_enqueue_scriptsinc\class-couponx-frontend.php:31
actionwp_headinc\class-couponx-frontend.php:32
actionwp_footerinc\class-couponx-frontend.php:33
actioninitinc\class-couponx-frontend.php:34
actionwp_loadedinc\class-couponx-frontend.php:36
actionwoocommerce_add_to_cartinc\class-couponx-frontend.php:37
actionadmin_enqueue_scriptsinc\class-cx-help.php:32
actionadmin_footerinc\class-cx-help.php:34
actionadmin_enqueue_scriptsinc\class-cx-review-box.php:86
actionadmin_noticesinc\class-cx-review-box.php:87
actioninitinc\class-dashboard.php:37
actionadmin_menuinc\class-dashboard.php:38
actionadmin_enqueue_scriptsinc\class-dashboard.php:39
actionadmin_footerinc\class-dashboard.php:40
actionadmin_headinc\class-dashboard.php:44
actionadmin_initinc\class-dashboard.php:46
Maintenance & Trust

Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 15, 2026
PHP min version
Downloads37K

Community Trust

Rating98/100
Number of ratings51
Active installs1K
Alternatives

Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce Alternatives

Boxzilla – Pop-Ups for WordPress

Boxzilla – Pop-Ups for WordPress

boxzilla

A
100

Flexible pop-ups or slide-ins, showing up at just the right time.

20K No CVEs
Poptin – Exit Pop Ups & Email Popups

Poptin – Exit Pop Ups & Email Popups

poptin

A
100

Free exit intent popup builder, gamified popups with spin the wheel, contact form builder & lead generation pop ups platform for your website. 🎉

20K 1 CVE
Pop-up

Pop-up

pop-up-pop-up

A
99

Pop-up Popups

10K 2 CVEs
Bootstrap Modals

Bootstrap Modals

bootstrap-modals

C
63

This plugin adds Bootstrap Modal functionality to WordPress. All you need to do is add the Modal HTML mark up code.

1K 1 unpatched
WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation

WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation

optin

C
68

Create stunning popups and newsletter forms with WowOptin. Boost your lead generation and sales with advanced targeting and Canva-like flexibility.

1K 1 unpatched
Developer Profile

Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce Developer Profile

Premio

9 plugins · 651K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
168 days
View full developer profile
Detection Fingerprints

How We Detect Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/coupon-x-discount-pop-up/assets/css/frontend.css/wp-content/plugins/coupon-x-discount-pop-up/assets/css/frontend.min.css/wp-content/plugins/coupon-x-discount-pop-up/assets/js/frontend.js/wp-content/plugins/coupon-x-discount-pop-up/assets/js/frontend.min.js
Script Paths
assets/js/frontend.jsassets/js/frontend.min.js
Version Parameters
coupon-x-discount-pop-up/assets/css/frontend.css?ver=coupon-x-discount-pop-up/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
cx_widget_wrapcx_widget_areacx_coupon_display_boxcx_coupon_display_box_innercx_coupon_form_wrappercx_coupon_form_wrapcx_coupon_display_box_buttoncx_coupon_display_box_button_wrapper+9 more
HTML Comments
<!-- Main plugin file. --><!-- Save redirection value on plugin activation. --><!-- Coupon X settings --><!-- Coupon X widget frontend -->+4 more
Data Attributes
data-cx_widget_iddata-cx_widget_namedata-cx_nonce
JS Globals
cx_data
FAQ

Frequently Asked Questions about Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce