Coupon Affiliates < 5.4.4 – Unauthenticated Reflected XSS | CVE 2023-28992

Affects Plugins

woo-coupon-usage

Fixed in 5.4.4

References

CVE

CVE-2023-28992

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.1 (high)

Miscellaneous

Original Researcher

thiennv

Verified

No

WPVDB ID

96731ae9-4685-4869-b85f-b19ef201413d

Timeline

Publicly Published

2023-06-26 (about 2 years ago)

Added

2023-06-26 (about 2 years ago)

Last Updated

2023-06-26 (about 2 years ago)

Other

Published

Title

Published

2025-01-30

Title

Music Sheet Viewer <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-07-05

Title

NEX-Forms – Ultimate Form Builder < 8.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-09-26

Title

Lenix scss compiler <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2024-08-07

Title

Organization chart < 1.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title_input and node_description Parameters

Published

2024-09-24

Title

OneElements – Best Elementor Addons <= 1.3.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload