WP Coupons and Deals – WordPress Coupon Plugin Security & Risk Analysis

wordpress.org/plugins/wp-coupons-and-deals

Best WordPress Coupon Plugin. Generate more affiliate sales with coupon codes and deals.

2K active installs v3.2.5 PHP 7.3+ WP 5.2+ Updated Jan 6, 2026
Tags: affiliate, coupon, coupons, deal, deals
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 11, 2025
Safety Verdict

Is WP Coupons and Deals – WordPress Coupon Plugin Safe to Use in 2026?

Generally Safe

Score 99/100

WP Coupons and Deals – WordPress Coupon Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 11, 2025 · Updated 2mo ago
Risk Assessment

The wp-coupons-and-deals plugin version 3.2.5 exhibits a mixed security posture. While a significant portion of its output is properly escaped (88%) and it has a history of resolved vulnerabilities, there are notable concerns regarding its attack surface. A substantial number of AJAX handlers (7 out of 8) lack authentication checks, presenting a significant risk of unauthorized actions being performed if these endpoints can be triggered by unauthenticated users. The single identified file operation and external HTTP request also warrant attention, especially if they are not adequately secured against manipulation.

The taint analysis, while limited in scope (3 flows analyzed), did not reveal any critical or high severity vulnerabilities related to unsanitized paths. This is a positive indicator. However, the presence of raw SQL queries without prepared statements is a known risk factor for SQL injection, although the lack of specific instances in the taint analysis suggests it may not be a direct or exploitable threat in this version. The plugin's vulnerability history shows one medium-severity CVE related to missing authorization, which aligns with the findings of unprotected AJAX endpoints and suggests a recurring pattern of authorization flaws.

In conclusion, the plugin has some strengths, including good output escaping and a lack of critical or high-severity taint flows. However, the large number of unprotected AJAX handlers is a significant weakness that elevates the risk profile. The historical pattern of missing authorization vulnerabilities also suggests a need for continued vigilance and thorough security reviews. The bundled Freemius library is at version 1.0, which could potentially be outdated and carry its own set of risks if not kept up-to-date.

Key Concerns

  • Unprotected AJAX handlers
  • Raw SQL queries without prepared statements
  • Bundled Freemius v1.0 library
  • Missing nonce checks on AJAX
  • Flows with unsanitized paths (taint)
Vulnerabilities: 1

WP Coupons and Deals – WordPress Coupon Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2025-64241 · medium · 4.3 · Missing Authorization

Coupons and Deals <= 3.2.4 - Missing Authorization

Dec 11, 2025 Patched in 3.2.5 (27d)
Code Analysis
Analyzed Mar 16, 2026

WP Coupons and Deals – WordPress Coupon Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 147 (1084 escaped)
Nonce Checks: 4
Capability Checks: 9
File Operations: 1
External Requests: 1
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

88% escaped · 1231 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
vote (includes\classes\wpcd-ajax.php:31)
Attack Surface
7 unprotected

WP Coupons and Deals – WordPress Coupon Plugin Attack Surface

Entry Points: 12
Unprotected: 7

AJAX Handlers 8

auth wp_ajax_wpcdReviewNoticeHide includes\classes\admin\wpcd-admin-notices.php:26
auth wp_ajax_wpcd_coupons_category_action includes\classes\wpcd-short-code.php:33
nopriv wp_ajax_wpcd_coupons_category_action includes\classes\wpcd-short-code.php:34
auth wp_ajax_wpcd_coupons_cat_vend_action includes\classes\wpcd-short-code.php:35
nopriv wp_ajax_wpcd_coupons_cat_vend_action includes\classes\wpcd-short-code.php:36
auth wp_ajax_wpcd_coupon_clicked_action includes\classes\wpcd-short-code.php:37
nopriv wp_ajax_wpcd_coupon_clicked_action includes\classes\wpcd-short-code.php:38
auth wp_ajax_wpcd_process_import includes\functions\admin\actions\wpcd-admin-actions.php:37

Shortcodes 4

[wpcd_coupon] includes\classes\wpcd-short-code.php:28
[wpcd_code] includes\classes\wpcd-short-code.php:29
[wpcd_coupons] includes\classes\wpcd-short-code.php:31
[wpcd_coupons_loop] includes\classes\wpcd-short-code.php:32
WordPress Hooks 64
filter manage_edit-wpcd_coupons_columns includes\classes\admin\wpcd-admin-columns.php:37
action pre_get_posts includes\classes\admin\wpcd-admin-columns.php:43
action manage_posts_custom_column includes\classes\admin\wpcd-admin-columns.php:50
filter manage_edit-wpcd_coupons_sortable_columns includes\classes\admin\wpcd-admin-columns.php:61
filter manage_edit-wpcd_coupon_category_columns includes\classes\admin\wpcd-admin-columns.php:73
filter manage_wpcd_coupon_category_custom_column includes\classes\admin\wpcd-admin-columns.php:84
filter manage_edit-wpcd_coupon_vendor_columns includes\classes\admin\wpcd-admin-columns.php:95
filter manage_wpcd_coupon_vendor_custom_column includes\classes\admin\wpcd-admin-columns.php:106
filter post_updated_messages includes\classes\admin\wpcd-admin-notices.php:24
action admin_notices includes\classes\admin\wpcd-admin-notices.php:25
action add_meta_boxes includes\classes\admin\wpcd-help-metabox.php:26
action admin_menu includes\classes\admin\wpcd-import-page.php:14
action admin_enqueue_scripts includes\classes\admin\wpcd-import-page.php:21
action add_meta_boxes includes\classes\admin\wpcd-meta-boxes.php:42
action save_post includes\classes\admin\wpcd-meta-boxes.php:43
action admin_init includes\classes\admin\wpcd-settings-page.php:48
action admin_init includes\classes\admin\wpcd-settings-page.php:55
action admin_menu includes\classes\admin\wpcd-settings-page.php:62
filter plugin_action_links includes\classes\admin\wpcd-settings-page.php:69
action admin_enqueue_scripts includes\classes\admin\wpcd-settings-page.php:77
action media_buttons includes\classes\admin\wpcd-shortcode-inserter.php:29
action admin_footer includes\classes\admin\wpcd-shortcode-inserter.php:36
action add_meta_boxes includes\classes\admin\wpcd-shortcode-metabox.php:26
action admin_bar_menu includes\classes\admin\wpcd-toolbar-links.php:25
action admin_menu includes\classes\admin\wpcd-welcome-page.php:24
action admin_enqueue_scripts includes\classes\admin\wpcd-welcome-page.php:25
action admin_head includes\classes\admin\wpcd-welcome-page.php:26
action amp_post_template_css includes\classes\wpcd-amp.php:93
action amphtml_template_css includes\classes\wpcd-amp.php:94
action wp_enqueue_scripts includes\classes\wpcd-assets.php:28
action wp_enqueue_scripts includes\classes\wpcd-assets.php:29
action admin_enqueue_scripts includes\classes\wpcd-assets.php:30
action admin_enqueue_scripts includes\classes\wpcd-assets.php:31
action admin_enqueue_scripts includes\classes\wpcd-assets.php:32
filter tiny_mce_before_init includes\classes\wpcd-assets.php:378
action wp_enqueue_scripts includes\classes\wpcd-block-assets.php:14
action enqueue_block_assets includes\classes\wpcd-block-assets.php:15
filter block_categories includes\classes\wpcd-block-category.php:43
filter block_categories_all includes\classes\wpcd-block-category.php:45
filter enter_title_here includes\classes\wpcd-custom-post-type.php:37
action admin_enqueue_scripts includes\classes\wpcd-custom-taxonomy-image.php:22
action add_meta_boxes includes\classes\wpcd-preview-metabox.php:24
action wpcd_add_button includes\functions\admin\actions\wpcd-admin-actions.php:31
action wpcd_help_info_div includes\functions\admin\actions\wpcd-admin-actions.php:32
action wpcd_widget_help_info_display includes\functions\admin\actions\wpcd-admin-actions.php:33
action wpcd_shortcode_insert_button_div includes\functions\admin\actions\wpcd-admin-actions.php:34
action wpcd_shortcode_code_show includes\functions\shortcode\code\actions\wpcd-shortcode-code-actions.php:28
filter user_has_cap includes\main.php:132
filter user_has_cap includes\main.php:166
action after_uninstall includes\main.php:223
action init includes\main.php:244
action init includes\main.php:245
action init includes\main.php:246
action init includes\main.php:247
action widgets_init includes\main.php:248
filter wp_enqueue_scripts includes\main.php:249
action wp_enqueue_scripts includes\main.php:250
filter wp_head includes\main.php:251
action wp_dashboard_setup includes\main.php:252
action admin_menu includes\main.php:254
action plugins_loaded wp-coupons-deals.php:33
action upgrader_process_complete wp-coupons-deals.php:83
filter post_row_actions wp-coupons-deals.php:130
action admin_action_wpcd_duplicate_coupon wp-coupons-deals.php:195
Maintenance & Trust

WP Coupons and Deals – WordPress Coupon Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 6, 2026
PHP min version: 7.3
Downloads: 126K

Community Trust

Rating: 94/100
Number of ratings: 124
Active installs: 2K
Developer Profile

WP Coupons and Deals – WordPress Coupon Plugin Developer Profile

Imtiaz Rayhan

7 plugins · 16K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 313 days
Detection Fingerprints

How We Detect WP Coupons and Deals – WordPress Coupon Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-coupons-and-deals/admin/assets/css/wpcd-admin-style.css
/wp-content/plugins/wp-coupons-and-deals/admin/assets/js/wpcd-admin-script.js
/wp-content/plugins/wp-coupons-and-deals/assets/css/wpcd-coupon-style.css
/wp-content/plugins/wp-coupons-and-deals/assets/js/wpcd-coupon-script.js
/wp-content/plugins/wp-coupons-and-deals/assets/js/wpcd-countdown.js
Script Paths
/wp-content/plugins/wp-coupons-and-deals/admin/assets/js/wpcd-admin-script.js
/wp-content/plugins/wp-coupons-and-deals/assets/js/wpcd-coupon-script.js
/wp-content/plugins/wp-coupons-and-deals/assets/js/wpcd-countdown.js
Version Parameters
wp-coupons-and-deals/admin/assets/css/wpcd-admin-style.css?ver=
wp-coupons-and-deals/admin/assets/js/wpcd-admin-script.js?ver=
wp-coupons-and-deals/assets/css/wpcd-coupon-style.css?ver=
wp-coupons-and-deals/assets/js/wpcd-coupon-script.js?ver=
wp-coupons-and-deals/assets/js/wpcd-countdown.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpcd-coupon-element
wpcd-coupon-title
wpcd-coupon-content
wpcd-coupon-button
wpcd-coupon-deal-badge
wpcd-coupon-expiry-date
wpcd-coupon-discount-details
wpcd-shortcode-coupon-wrap
+1 more
HTML Comments
<!-- wpcd_coupon_title -->
<!-- wpcd_coupon_code -->
<!-- wpcd_coupon_description -->
<!-- wpcd_coupon_discount_detail -->
+6 more
Data Attributes
data-coupon-id
data-coupon-code
data-coupon-title
data-deal-id
data-deal-title
JS Globals
wpcd_coupon_script_object
Shortcode Output
[coupon
[deal
[coupons
[deals
FAQ

Frequently Asked Questions about WP Coupons and Deals – WordPress Coupon Plugin