[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZVr3biTOVd6z55rQ0Ewc3weOK-jA3Chnlix4CgzC_8M":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":29,"research_verified":30,"research_rounds_completed":31,"research_plan":32,"research_summary":33,"research_vulnerable_code":34,"research_fix_diff":35,"research_exploit_outline":36,"research_model_used":37,"research_started_at":38,"research_completed_at":39,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":30,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":30,"source_links":40},"CVE-2026-39508","advanced-coupons-for-woocommerce-coupons-authenticated-contributor-stored-cross-site-scripting","Advanced Coupons for WooCommerce Coupons \u003C= 4.7.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Advanced Coupons for WooCommerce Coupons plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","advanced-coupons-for-woocommerce-free",null,"\u003C=4.7.1.1","4.7.2","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-03-28 00:00:00","2026-04-15 21:27:05",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F2d1d8f46-68e4-4101-8ae8-1ca01f5145bf?source=api-prod",19,[22,23,24,25,26,27,28],"Helpers\u002FHelper_Functions.php","Helpers\u002FPlugin_Constants.php","Models\u002FAdmin_App.php","Models\u002FBOGO\u002FFrontend.php","Models\u002FCoupon_Templates.php","Models\u002FEdit_Coupon.php","Models\u002FEditor_Blocks.php","researched",false,3,"']` somewhere.\n\n    *   Is there any other Contributor-accessible area?\n    *   What about Coupon Categories?\n    *   `Edit_Coupon::override_coupon_categories_parent_file` - This is for the admin UI.\n    *   `Coupon_Templates::register_coupon_templates_app_page`.\n    *   Actually, let's look at `Editor_Blocks.php`'s `render_coupons_by_category_block` again.\n    *   It takes `categories` from `$attributes`.\n    *   If `categories` is an array of IDs, no XSS.\n    *   But what if it takes other attributes?\n\n    *   I will provide a plan for both `acfw\u002Fsingle-coupon` and `acfw\u002Fcoupons-category`.\n\n    *   Wait, \"Contributor\" doesn't have `manage_woocommerce`.\n    *   But they can edit \"Posts\".\n    *   If they can edit \"Posts\", they can use \"Blocks\".\n    *   This is the standard pattern for this type of vulnerability.\n\n    *   Let's check if the plugin has any shortcodes.\n    *   Gutenberg blocks usually have an equivalent shortcode.\n    *   I don't see `add_shortcode` in the snippets, but `Editor_Blocks.php` handles block rendering.\n\n    *   Wait, look at `Models\u002FBOGO\u002FFrontend.php`. `restrict_cart_","The Advanced Coupons for WooCommerce Coupons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg blocks. Authenticated attackers with contributor-level permissions can inject arbitrary web scripts into posts through unsanitized block attributes (such as custom CSS classes) that are later rendered on the frontend.","\u002F\u002F Helpers\u002FHelper_Functions.php (approx line 1217 in version 4.7.1.1)\n\n        if ( $classname ) {\n            $classnames[] = $classname;\n        }\n\n        $this->load_template(\n            \u002F\u002F ...","--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fadvanced-coupons-for-woocommerce-free\u002F4.7.1.1\u002FHelpers\u002FHelper_Functions.php\t2026-02-17 05:43:08.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Fadvanced-coupons-for-woocommerce-free\u002F4.7.2\u002FHelpers\u002FHelper_Functions.php\t2026-03-23 03:05:34.000000000 +0000\n@@ -735,6 +735,19 @@\n     }\n \n     \u002F**\n+     * Sanitize a space-separated string of CSS class names.\n+     *\n+     * @since 4.6.2\n+     * @access public\n+     *\n+     * @param string $classes Space-separated CSS class names.\n+     * @return array Array of sanitized class names.\n+     *\u002F\n+    public function sanitize_css_classes( $classes ) {\n+        return array_map( 'sanitize_html_class', explode( ' ', $classes ) );\n+    }\n+\n+    \u002F**\n      * Prepare setting fields for API.\n      *\n      * @since 1.2\n@@ -1217,7 +1230,7 @@\n         );\n \n         if ( $classname ) {\n-            $classnames[] = $classname;\n+            $classnames = array_merge( $classnames, $this->sanitize_css_classes( $classname ) );\n         }\n \n         $this->load_template(","1. Authenticate to the WordPress site as a user with at least 'Contributor' level permissions.\n2. Create a new Post or Page or edit an existing one.\n3. Add one of the plugin's Gutenberg blocks, such as 'Advanced Coupons - Single Coupon' (`acfw\u002Fsingle-coupon`) or 'Advanced Coupons - Coupons Category' (`acfw\u002Fcoupons-category`).\n4. In the block's 'Advanced' settings tab, locate the 'Additional CSS class(es)' field.\n5. Input a payload designed to break out of the HTML attribute context, such as: `\" onmouseover=\"alert(1)\" ` or `\">\u003Cscript>alert(document.domain)\u003C\u002Fscript>`.\n6. Save or Preview the post. The payload will be rendered on the frontend without proper sanitization, leading to script execution in the context of any user viewing the page.","gemini-3-flash-preview","2026-04-17 22:27:46","2026-04-17 22:28:46",{"type":41,"vulnerable_version":42,"fixed_version":11,"vulnerable_browse":43,"vulnerable_zip":44,"fixed_browse":45,"fixed_zip":46,"all_tags":47},"plugin","4.7.1.1","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fadvanced-coupons-for-woocommerce-free\u002Ftags\u002F4.7.1.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-coupons-for-woocommerce-free.4.7.1.1.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fadvanced-coupons-for-woocommerce-free\u002Ftags\u002F4.7.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvanced-coupons-for-woocommerce-free.4.7.2.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fadvanced-coupons-for-woocommerce-free\u002Ftags"]