Sensitive Data Exposure in Coupon Affiliates Plugin by WordPress
CVE-2026-49068

7.5HIGH

Key Information:

Vendor: WordPress
Status: Coupon Affiliates
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-49068?

The Coupon Affiliates plugin for WordPress, up to version 7.8.1, is susceptible to sensitive data exposure. This vulnerability can potentially allow unauthorized access to sensitive user data, posing serious privacy risks to users. Ensuring that your plugin is updated to the latest version is essential to mitigate any security threats related to this vulnerability.

Affected Version(s)

Coupon Affiliates <= 7.8.1

References

https://patchstack.com/database/wordpress/plugin/woo-coup...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
May 27, 2026

Credit

Stefano | Patchstack Bug Bounty Program

CVE-2026-49068 Data

JSON