WordPress Plugin Vulnerabilities

Coupon Referral Program < 1.8.5 - Sensitive Information Disclosure

Description

The plugin is vulnerable to Sensitive Information Exposure. This makes it possible for unauthenticated attackers to extract sensitive user data.

Affects Plugins

Plugin icon
coupon-referral-program
Fixed in 1.8.5

References

CVE
CVE-2023-52190
URL
https://patchstack.com/database/wordpress/plugin/coupon-referral-program/vulnerability/wordpress-coupon-referral-program-plugin-1-7-2-unauthenticated-sensitive-data-pii-coupon-data-exposure-vulnerability

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dave Jong
Verified
No
WPVDB ID
a47d99f4-d4ab-4ec6-a132-f71de0c6c36d

Timeline

Publicly Published
2024-01-03 (about 2 years ago)
Added
2024-01-12 (about 2 years ago)
Last Updated
2025-12-16 (about 2 months ago)

Other

Published
Title
Published
2024-10-21
Title
All-in-One WP Migration and Backup < 7.87 - Unauthenticated Information Disclosure via Error Logs
Published
2025-11-10
Title
Document Pro Elementor – Documentation & Knowledge Base <= 1.0.9 - Unauthenticated Information Exposure
Published
2023-11-07
Title
Cloud Templates & Patterns collection < 1.2.3 - Sensitive Information Exposure via Log File
Published
2024-06-20
Title
affiliate-toolkit < 3.4.5 - Unauthenticated Sensitive Information Exposure via Logs
Published
2024-08-12
Title
Order Export for WooCommerce < 3.24 - Unauthenticated Sensitive Information Exposure