Unauthorized Access Vulnerability in Coupon X, WordPress Plugin
CVE-2024-12204

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Coupon X – Discount Popups & Promo Codes Pop Ups For WooCommerce
Vendor: CVE Published:; 11 January 2025

What is CVE-2024-12204?

The Coupon X plugin, an extension for WordPress, is susceptible to unauthorized access due to inadequate capability checks in critical functions. This flaw potentially enables authenticated users with Subscriber-level permissions to exploit the system, allowing them to create significant discounts, remove posts, delete leads, and alter coupon statuses. This vulnerability impacts all versions up to 1.3.5 and necessitates immediate attention to secure affected sites.

Affected Version(s)

Coupon X – Discount Popups & Promo Codes Pop Ups for WooCommerce 0 <= 1.3.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3219466/coup...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 11, 2025

CVE-2024-12204 Data

JSON