CVE-2025-3598 Coupon Affiliates – Affiliate Plugin for WooCommerce

CVE-2025-3598 Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter

April 19, 2025 invoker category_cve

Vulnerability Details

Basic Information

Title	CVE-2025-3598 Coupon Affiliates – Affiliate Plugin for WooCommerce <= 6.3.0 - Reflected Cross-Site Scripting via 'commission_summary' Parameter
Type	cve
Published	2025-04-18T05:22:59
Last Seen	2025-04-18T06:06:31
CVSS Score	6.1 (MEDIUM)

CVSS v3 Details

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	REQUIRED
Scope	CHANGED
Confidentiality Impact	LOW
Integrity Impact	LOW
Availability Impact	NONE

CVE Information

CVE IDs	CVE-2025-3598
CWE	CWE-79
Bulletin Family	cve

Description

The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the commission_summary parameter in all versions up to, and including, .6.3.0 due to insufficient input sanitization and…

Impact Assessment

Base Score	6.1
Severity	MEDIUM

View full CVE details