Coupon X WordPress Plugin Missing Authorization Vulnerability

Vulnerability

A vulnerability exists in the Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress, in all versions through 1.3.5. The issue arises from inadequate capability checks in the class-cx-rest.php file, allowing authenticated attackers with Subscriber-level access or higher to gain unauthorized privileges. Exploitation of this vulnerability enables the creation of 100% off coupons, deletion of posts and leads, and modification of coupon statuses.
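The bug class described above, shown as an added example that is not Coupon X's own code: a WordPress REST route whose permission callback checks a capability instead of accepting any logged-in user. The namespace, route, post type `example_coupon`, function names and the choice of `manage_options` are hypothetical.

```php
<?php
// Added illustration. Route, namespace, post type and capability are hypothetical
// and are not taken from the plugin's class-cx-rest.php.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-coupons/v1', '/coupon/(?P<id>\d+)/status', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_coupon_status',
        // Weak form: 'permission_callback' => 'is_user_logged_in' passes for a
        // Subscriber, because it tests authentication, not authorization.
        'permission_callback' => 'example_can_manage_coupons',
        'args'                => array(
            'id'     => array( 'sanitize_callback' => 'absint' ),
            'status' => array(
                'required'          => true,
                'type'              => 'string',
                'enum'              => array( 'publish', 'draft' ),
                'validate_callback' => 'rest_validate_request_arg',
            ),
        ),
    ) );
} );

// Runs before the handler; returning WP_Error stops the request with 401/403.
function example_can_manage_coupons() {
    if ( current_user_can( 'manage_options' ) ) { // assumed admin-only capability
        return true;
    }
    return new WP_Error(
        'rest_forbidden',
        __( 'You are not allowed to manage coupons.' ),
        array( 'status' => rest_authorization_required_code() )
    );
}

function example_update_coupon_status( WP_REST_Request $request ) {
    $post = get_post( $request['id'] );
    // Refuse to touch anything that is not a coupon, so the route cannot be
    // used to change the status of arbitrary posts.
    if ( ! $post || 'example_coupon' !== $post->post_type ) {
        return new WP_Error( 'rest_not_found', __( 'Coupon not found.' ), array( 'status' => 404 ) );
    }
    $result = wp_update_post(
        array( 'ID' => $post->ID, 'post_status' => $request['status'] ),
        true // return WP_Error on failure instead of 0
    );
    if ( is_wp_error( $result ) ) {
        return $result;
    }
    return rest_ensure_response( array( 'id' => $post->ID, 'status' => $request['status'] ) );
}
```

The REST nonce sent with cookie-authenticated requests only protects against cross-site request forgery; a Subscriber has a valid nonce too, so the capability check is what enforces authorization.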

Impact

Exploitation allows for unauthorized actions such as creating highly discounted coupons, deleting posts and leads, and changing coupon statuses.

Remediation

Users are advised to update the plugin to version 1.3.6 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 5.9
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.