Does WP Coupon System have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Coupon System have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Coupon System compatible with WordPress 4.1.42?

According to WordPress.org data, WP Coupon System 1.0 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is WP Coupon System updated?

WP Coupon System was last updated on Dec 12, 2014. Frequent updates are generally a positive security signal.

What is WP Coupon System's security score?

WP Coupon System has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Coupon System Security & Risk Analysis

wordpress.org/plugins/wp-coupon-system

Clean and Supoer user friendly wordpress coupon plugin for coupon selling websites.

10 active installs v1.0 PHP + WP 3.0.1+ Updated Dec 12, 2014

coupon-plugin-for-wordpresswordpress-coupon-pluginwp-couponwp-coupon-managementwp-coupon-system

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Coupon System Safe to Use in 2026?

Generally Safe

Score 85/100

WP Coupon System has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The wp-coupon-system plugin v1.0 exhibits a mixed security posture. While it shows no known vulnerability history, indicating a potentially stable release, the static analysis reveals several concerning practices. The presence of an unprotected AJAX handler significantly increases the attack surface, offering a direct entry point for potential exploitation. Furthermore, the plugin's handling of SQL queries is a critical weakness, with 100% of queries lacking prepared statements, which opens the door to SQL injection vulnerabilities.

The taint analysis highlights two flows with unsanitized paths, both flagged as high severity. This suggests that user-supplied data is not being properly validated or sanitized before being used in sensitive operations, potentially leading to code execution or data manipulation. The use of `create_function` is a deprecated and inherently risky practice that can be leveraged for code injection. The low percentage of properly escaped output also indicates a risk of Cross-Site Scripting (XSS) vulnerabilities.

In conclusion, despite a clean vulnerability history, the static analysis reveals significant security concerns within wp-coupon-system v1.0. The unprotected entry point, raw SQL queries, unsanitized taint flows, and insecure function usage collectively present a substantial risk. While the plugin has a moderate number of capability checks, these are insufficient to mitigate the identified vulnerabilities.

Key Concerns

Unprotected AJAX handler
SQL queries lack prepared statements
High severity unsanitized taint flows
Usage of create_function
Low percentage of output escaping

Vulnerabilities

None known

WP Coupon System Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Coupon System Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

191

7 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_filter( 'wp_default_editor', create_function('', 'return "tinymce";') );framework\bootstrap.php:195

Bundled Libraries

Select2

SQL Query Safety

0% prepared1 total queries

Output Escaping

4% escaped198 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

vp_ajax_wrapper (framework\bootstrap.php:75)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

WP Coupon System Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_vp_ajax_wrapperframework\bootstrap.php:71

Shortcodes 1

[coupon] admin\shortcodes.php:116

WordPress Hooks 34

actionadmin_headadmin\icon.php:14

actionafter_setup_themeframework\bootstrap.php:41

actiontgmpa_registerframework\bootstrap.php:47

actioninitframework\bootstrap.php:112

actioncurrent_screenframework\bootstrap.php:113

actionadmin_enqueue_scriptsframework\bootstrap.php:114

actioncurrent_screenframework\bootstrap.php:115

filterclean_urlframework\bootstrap.php:116

actionadmin_footerframework\bootstrap.php:161

filterwp_default_editorframework\bootstrap.php:195

actioninitframework\classes\metabox.php:43

actionvp_option_first_activationframework\classes\option.php:81

actionadmin_menuframework\classes\option.php:100

actionadmin_noticesframework\classes\option.php:162

actioncurrent_screenframework\classes\shortcodegenerator.php:47

actionadmin_footerframework\classes\shortcodegenerator.php:58

filtermce_external_pluginsframework\classes\shortcodegenerator.php:288

filtermce_buttonsframework\classes\shortcodegenerator.php:289

filterwp_fullscreen_buttonsframework\classes\shortcodegenerator.php:290

filteradmin_print_stylesframework\classes\shortcodegenerator.php:291

actionadmin_enqueue_scriptsframework\classes\wp\enqueuer.php:27

actionadmin_headframework\includes\wpalchemy\MetaBox.php:22

actionadmin_footerframework\includes\wpalchemy\MetaBox.php:24

actionadmin_initframework\includes\wpalchemy\MetaBox.php:506

actionimport_post_metaframework\includes\wpalchemy\MetaBox.php:509

filteroutputframework\includes\wpalchemy\MetaBox.php:569

actionsave_postframework\includes\wpalchemy\MetaBox.php:579

actionadmin_headframework\includes\wpalchemy\MetaBox.php:619

actionadmin_footerframework\includes\wpalchemy\MetaBox.php:621

actionwp_enqueue_scriptswp-coupon-system.php:18

actionwp_enqueue_scriptswp-coupon-system.php:52

actioninitwp-coupon-system.php:56

actioninitwp-coupon-system.php:77

actionafter_setup_themewp-coupon-system.php:143

Maintenance & Trust

WP Coupon System Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedDec 12, 2014

PHP min version

Downloads3K

Community Trust

Rating100/100

Number of ratings3

Active installs10

Alternatives

WP Coupon System Alternatives

Coupon Zen

coupon-zen

100

Create an excellent coupon-based affiliate system for your WooCommerce store to make it easier than ever! Manage your coupon deals more effortlessly!

30 1 CVE

Magic WP Coupons – Lite

magic-wp-coupons

Magic WP Coupons is a WordPress based plugin which can magically turn your WordPress theme into a affiliate coupons site.

10 No CVEs

ReadMe

wpcoupon-widget

Wp Coupon Plugin for WordPress used as a widget.Thanks for your feedback.

10 No CVEs

Developer Profile

WP Coupon System Developer Profile

noor-e-alam

3 plugins · 120 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Coupon System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-coupon-system/css/coupon.css

HTML / DOM Fingerprints

Data Attributes

data-vp-post_typedata-vp-id

JS Globals

vp_sg

Shortcode Output

[coupon-shortcode]

FAQ

WP Coupon System Security & Risk Analysis

Is WP Coupon System Safe to Use in 2026?

Generally Safe

Key Concerns

WP Coupon System Security Vulnerabilities

WP Coupon System Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

WP Coupon System Attack Surface

AJAX Handlers 1

Shortcodes 1

WP Coupon System Maintenance & Trust

Maintenance Signals

Community Trust

WP Coupon System Alternatives

Coupon Zen

Magic WP Coupons – Lite

ReadMe

WP Coupon System Developer Profile

How We Detect WP Coupon System

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about WP Coupon System