Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Referral Program: from n/a before 1.8.4.
Fixes

Solution

Update the WordPress Coupon Referral Program WordPress plugin to the latest available version (at least 1.8.4).


Workaround

No workaround given by the vendor.

History

Mon, 08 Sep 2025 10:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 08 Sep 2025 10:00:00 +0000

Type Values Removed Values Added
Description Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2. Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Referral Program: from n/a before 1.8.4.
Title WordPress Coupon Referral Program Plugin <= 1.7.2 is vulnerable to PHP Object Injection WordPress Coupon Referral Program plugin < 1.8.4 - Unauthenticated PHP Object Injection vulnerability
References

Tue, 08 Oct 2024 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Wpswings
Wpswings coupon Referral Program
CPEs cpe:2.3:a:wpswings:coupon_referral_program:*:*:*:*:*:wordpress:*:*
Vendors & Products Wpswings
Wpswings coupon Referral Program

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2025-09-08T09:52:43.888Z

Reserved: 2024-02-05T06:37:05.174Z

Link: CVE-2024-25100

cve-icon Vulnrichment

Updated: 2024-08-01T23:36:21.641Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-12T07:15:11.577

Modified: 2025-09-26T16:44:28.857

Link: CVE-2024-25100

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.