Coupon API Security & Risk Analysis

wordpress.org/plugins/couponapi

Automatically import Coupons & Deals from popular Affiliate Networks into your WordPress Coupon Website.

300 active installs · v6.2.13 · PHP 5.6+ · WP 3.2+ · Updated Oct 24, 2025
Tags: coupon-api, coupon-feeds, coupons, deals, vouchers
Score: 78
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Sep 10, 2025
Safety Verdict

Is Coupon API Safe to Use in 2026?

Mostly Safe

Score 78/100

Coupon API is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Sep 10, 2025 · Updated 5mo ago
Risk Assessment

The "couponapi" plugin version 6.2.14 exhibits a concerning security posture due to multiple unprotected entry points. The static analysis reveals a significant attack surface with 4 out of 4 identified entry points (AJAX handlers and REST API routes) lacking proper authorization checks. This means any unauthenticated user could potentially interact with these sensitive functions. While the code shows some good practices like the use of prepared statements in SQL queries and some output escaping, the lack of capability checks is a major red flag. The taint analysis, while not revealing critical or high severity flows, shows a number of unsanitized paths, which, combined with the unprotected entry points, could lead to vulnerabilities if malicious input is provided. The plugin's vulnerability history is also a significant concern, with one known unpatched medium-severity CVE related to SQL injection. This history, coupled with the current lack of authorization checks, suggests a pattern of past weaknesses that may not have been fully addressed, posing a continued risk to sites using this version.

Key Concerns

  • Unprotected AJAX handlers (2)
  • Unprotected REST API routes (2)
  • No capability checks found
  • Unpatched medium severity CVE (SQL Injection)
  • Flows with unsanitized paths (4)
  • Low percentage of prepared statements (32%)
  • Low percentage of proper output escaping (59%)
Vulnerabilities: 1

Coupon API Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-8692 · medium · 4.9 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Coupon API <= 6.2.12 - Authenticated (Administrator+) SQL Injection via 'log_duration'

Sep 10, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Coupon API Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 184 · 87 prepared
Unescaped Output: 87 · 123 escaped
Nonce Checks: 10
Capability Checks: 0
File Operations: 10
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

32% prepared · 271 total queries

Output Escaping

59% escaped · 210 total outputs
Data Flows: 4 unsanitized

Data Flow Analysis

9 flows · 4 with unsanitized paths
couponapi_cmd_save_brandlogo (brandlogos-resync.php:74)
Attack Surface: 4 unprotected

Coupon API Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers 2

  • nopriv · wp_ajax_couponapi_cmd_save_brandlogo · brandlogos-resync.php:114
  • auth · wp_ajax_couponapi_cmd_save_brandlogo · brandlogos-resync.php:115

REST API Routes 2

  • GET · /wp-json/couponapi/v1/checkStatus · couponapi.php:393
  • GET · /wp-json/feedcallback/v1/posts · couponapi.php:555

WordPress Hooks 26

  • action · stores_edit_form_fields · brandlogos-resync.php:113
  • action · couponapi_process_brandlogos_resync_event · brandlogos-resync.php:188
  • action · rest_api_init · couponapi.php:554
  • filter · cron_schedules · couponapi.php:562
  • action · couponapi_check_wpcron_event · couponapi.php:564
  • action · admin_menu · couponapi.php:565
  • action · admin_post_capi_save_api_config · couponapi.php:566
  • action · admin_post_capi_save_import_config · couponapi.php:567
  • action · admin_post_capi_save_brandlogos_config · couponapi.php:568
  • action · admin_post_capi_brandlogos_resync · couponapi.php:569
  • action · admin_post_capi_sync_offers · couponapi.php:570
  • action · admin_post_capi_delete_offers · couponapi.php:571
  • action · admin_post_capi_pull_incremental_feed · couponapi.php:572
  • action · admin_post_capi_file_upload · couponapi.php:573
  • action · admin_post_capi_download_logs · couponapi.php:574
  • action · admin_post_capi_custom_template · couponapi.php:575
  • action · couponapi_pull_incremental_feed_event · couponapi.php:576
  • action · couponapi_process_batch_event · couponapi.php:577
  • action · rest_api_init · couponapi.php:578
  • action · plugins_loaded · couponapi.php:584
  • action · plugins_loaded · couponapi.php:585
  • action · plugins_loaded · couponapi.php:586
  • action · plugins_loaded · couponapi.php:587
  • action · plugins_loaded · couponapi.php:588
  • action · plugins_loaded · couponapi.php:589
  • action · plugins_loaded · couponapi.php:590

Scheduled Events 7

couponapi_process_brandlogos_resync_event
couponapi_process_batch_event
couponapi_process_batch_event
couponapi_check_wpcron_event
couponapi_process_batch_event
couponapi_process_batch_event
couponapi_pull_incremental_feed_event
Maintenance & Trust

Coupon API Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Oct 24, 2025
PHP min version: 5.6
Downloads: 29K

Community Trust

Rating: 68/100
Number of ratings: 5
Active installs: 300
Developer Profile

Coupon API Developer Profile

Kamil Khan

2 plugins · 600 total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Coupon API

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/couponapi/assets/css/couponapi-admin.css
  • /wp-content/plugins/couponapi/assets/js/couponapi-admin.js
  • /wp-content/plugins/couponapi/assets/css/couponapi-public.css
  • /wp-content/plugins/couponapi/assets/js/couponapi-public.js
Script Paths
  • /wp-content/plugins/couponapi/assets/js/couponapi-admin.js
  • /wp-content/plugins/couponapi/assets/js/couponapi-public.js
Version Parameters
  • couponapi/assets/css/couponapi-admin.css?ver=
  • couponapi/assets/js/couponapi-admin.js?ver=
  • couponapi/assets/css/couponapi-public.css?ver=
  • couponapi/assets/js/couponapi-public.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • couponapi-admin-wrapper
  • couponapi-settings-section
  • couponapi-field-group
  • couponapi-notice
  • couponapi-log-table
  • couponapi-log-entry
  • couponapi-import-form
  • couponapi-sync-button
  • +2 more
HTML Comments
  • <!-- wp:paragraph -->
  • <!-- /wp:paragraph -->
  • <!-- wp:heading -->
  • <!-- /wp:heading -->
  • +2 more
Data Attributes
data-couponapi-nonce
JS Globals
couponapi_ajax_object
REST Endpoints
/wp-json/feedcallback/v1/posts
Shortcode Output
  • [couponapi_offers]
  • [couponapi_deal_finder]
FAQ

Frequently Asked Questions about Coupon API