Description
Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
Published: 2026-06-15
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in WordPress Coupon Affiliates plugin versions 7.8.1 and earlier, where subscriber sensitive data can be exposed without proper access controls. This flaw, classified as CWE-497, allows unintended disclosure of confidential subscriber information. The impact is loss of confidentiality for subscribers and could facilitate further attacks if the exposed data is leveraged.

Affected Systems

RelyWP’s Coupon Affiliates plugin, a WordPress extension, is affected in all releases up to and including version 7.8.1. The vulnerability affects website installations that have not upgraded beyond this version.

Risk and Exploitability

The CVSS score of 7.5 indicates a medium‑to‑high severity. The EPSS score is below 1%, suggesting that the probability of exploitation is currently low, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through web‑based API or admin requests to the plugin, enabling an attacker to retrieve subscriber data. Successful exploitation would provide an attacker with confidential information without requiring privileged credentials, assuming the plugin lacks proper authentication checks on the exposed endpoints.

Generated by OpenCVE AI on June 16, 2026 at 20:27 UTC.

Remediation

Vendor Solution

Update the WordPress Coupon Affiliates Plugin to the latest available version (at least 7.8.2).

OpenCVE Recommended Actions

  • Update the Coupon Affiliates plugin to version 7.8.2 or later.
  • If the update cannot be applied immediately, temporarily disable the plugin or restrict its access to prevent data exposure.
  • Review the WordPress user roles and capabilities to ensure that only authorized personnel can view subscriber data.

Generated by OpenCVE AI on June 16, 2026 at 20:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Relywp
Relywp coupon Affiliates
Wordpress
Wordpress wordpress
Vendors & Products Relywp
Relywp coupon Affiliates
Wordpress
Wordpress wordpress

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 15 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Subscriber Sensitive Data Exposure in Coupon Affiliates <= 7.8.1 versions.
Title WordPress Coupon Affiliates plugin <= 7.8.1 - Sensitive Data Exposure vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Relywp Coupon Affiliates
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-16T01:19:25.798Z

Reserved: 2026-05-27T10:26:54.457Z

Link: CVE-2026-49068

cve-icon Vulnrichment

Updated: 2026-06-16T01:19:20.748Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T21:17:19.650

Modified: 2026-06-15T21:24:32.790

Link: CVE-2026-49068

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T20:30:03Z

Weaknesses
  • CWE-497

    Exposure of Sensitive System Information to an Unauthorized Control Sphere