Coupon Affiliates Vulnerable to Cross-site Scripting Attacks
CVE-2024-29125

7.1HIGH

Key Information:

Vendor: WordPress
Status: Coupon Affiliates
Vendor: CVE Published:; 19 March 2024

What is CVE-2024-29125?

A Cross-Site Scripting vulnerability exists in the Coupon Affiliates plugin developed by RelyWP. This issue arises from improper neutralization of user-supplied input during the web page generation process, leading to potential reflected XSS attacks. Attackers can exploit this vulnerability to execute arbitrary scripts in the context of the user’s session, thereby compromising the integrity and confidentiality of the affected site. Users of Coupon Affiliates versions from n/a through 5.12.7 are advised to implement patches and updates to mitigate this risk.

Affected Version(s)

Coupon Affiliates <= 5.12.7

References

https://patchstack.com/database/vulnerability/woo-coupon-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2024
Vulnerability Reserved
Mar 16, 2024

Credit

stealthcopter (Patchstack Alliance)