| CVE-2026-1165 | Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change | ays-pro | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | Medium | 4.3 | 2026-01-31 14:22:29 | Deep Dive |
| CVE-2025-11373 | Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Safe File Type Upload | averta | Depicter — Popup & Slider Builder | Medium | 4.3 | 2025-11-05 06:35:01 | Deep Dive |
| CVE-2025-62884 | WordPress Coupon Affiliates plugin <= 7.2.0 - Broken Access Control vulnerability | Elliot Sowersby / RelyWP | Coupon Affiliates | Medium | 5.3 | 2025-10-27 01:33:44 | Deep Dive |
| CVE-2025-59567 | WordPress Coupon Affiliates Plugin <= 6.8.0 - Broken Access Control Vulnerability | Elliot Sowersby / RelyWP | Coupon Affiliates | Medium | 5.5 | 2025-09-22 18:26:00 | Deep Dive |
| CVE-2025-8692 | Coupon API <= 6.2.12 - Authenticated (Administrator+) SQL Injection via 'log_duration' | kamilkhan | Coupon API | Medium | 4.9 | 2025-09-11 07:24:54 | Deep Dive |
| CVE-2025-54025 | WordPress Coupon Affiliates Plugin <= 6.4.0 - Settings Change Vulnerability | Elliot Sowersby / RelyWP | Coupon Affiliates | Medium | 6.5 | 2025-08-20 08:03:02 | Deep Dive |
| CVE-2025-54022 | WordPress Coupon Affiliates plugin <= 6.4.0 - Cross Site Request Forgery (CSRF) Vulnerability | Elliot Sowersby / RelyWP | Coupon Affiliates | Medium | 6.5 | 2025-07-16 10:36:45 | Deep Dive |
| CVE-2025-2011 | Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter | averta | Depicter — Popup & Slider Builder | High | 7.5 | 2025-05-06 09:21:49 | Deep Dive |
| CVE-2025-3598 | Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter | elliotvs | Coupon Affiliates – Affiliate Plugin for WooCommerce | Medium | 6.1 | 2025-04-18 05:23:00 | Deep Dive |
| CVE-2025-32642 | WordPress Vite Coupon plugin <= 1.0.9 - CSRF to Remote Code Execution (RCE) vulnerability | appsbd | Vite Coupon | Critical | 10.0 | 2025-04-09 16:09:22 | Deep Dive |
| CVE-2025-22667 | WordPress Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets plugin <= 1.8.2 - Broken Access Control vulnerability | Creative Werk Designs | Export Order, Product, Customer & Coupon for WooCommerce to Google Sheets | Medium | 4.3 | 2025-03-27 14:24:01 | Deep Dive |
| CVE-2024-12204 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization | premio | Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce | Medium | 5.4 | 2025-01-11 02:20:55 | Deep Dive |
| CVE-2024-12627 | Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection | premio | Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce | High | 7.5 | 2025-01-11 02:20:54 | Deep Dive |
| CVE-2024-12516 | Coupon Plugin <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting | vickydalmia | Coupon Plugin | Medium | 6.4 | 2025-01-07 07:22:34 | Deep Dive |
| CVE-2024-56235 | WordPress Coupon plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability | Vicky Kumar | Coupon | Medium | 6.5 | 2024-12-31 10:16:40 | Deep Dive |
| CVE-2024-12421 | Coupon Affiliates – Affiliate Plugin for WooCommerce <= 5.16.7.1 - Unauthenticated Arbitrary Shortcode Execution and Reflected Cross-Site Scripting | elliotvs | Coupon Affiliates – Affiliate Plugin for WooCommerce | Medium | 6.5 | 2024-12-13 08:24:49 | Deep Dive |
| CVE-2024-4633 | Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.2.1- Authenticated (Author+) Stored Cross-Site Scripting | averta | Depicter — Popup & Slider Builder | Medium | 6.4 | 2024-12-06 13:45:20 | Deep Dive |
| CVE-2024-10861 | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups <= 4.9.7 - Missing Authorization to Unauthenticated Limited Options Update | ays-pro | Popup Box – Create Countdown, Coupon, Video, Contact Form Popups | Medium | 5.3 | 2024-11-16 02:02:32 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-4389 | Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.1.1 - Authenticated (Contributor+) Arbitrary File Upload | averta | Depicter — Popup & Slider Builder | High | 8.8 | 2024-08-14 08:29:44 | Deep Dive |