CVE-2025-54022 is a Cross-Site Request Forgery (CSRF) vulnerability identified in the Coupon Affiliates plugin developed by Elliot Sowersby / RelyWP, affecting versions up to 6.4.0. CSRF vulnerabilities allow attackers to trick authenticated users into submitting unwanted requests to a web application in which they are currently authenticated. In this case, the vulnerability exists in the Coupon Affiliates plugin, which is commonly used in WordPress environments to manage affiliate coupon codes. The CVSS 3.1 base score of 6.5 indicates a medium severity level. The vector string (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) reveals that the attack can be executed remotely over the network without privileges and requires user interaction (such as clicking a link or visiting a malicious site). The impact is limited to availability (A:H), meaning the vulnerability could allow an attacker to disrupt the normal functioning of the plugin or the website, potentially causing denial of service or other availability issues. There is no impact on confidentiality or integrity. No known exploits are reported in the wild, and no patches have been linked yet. The vulnerability stems from the plugin's failure to implement proper anti-CSRF tokens or other protections to verify the legitimacy of requests, allowing attackers to craft malicious requests that the plugin processes as legitimate. This can lead to unauthorized actions being performed on behalf of the user, such as modifying plugin settings or triggering unintended behaviors that affect site availability.

For European organizations using WordPress websites with the Coupon Affiliates plugin, this vulnerability poses a risk primarily to website availability. An attacker could exploit the CSRF flaw to disrupt affiliate coupon functionalities, potentially causing loss of revenue or customer trust due to malfunctioning promotional features. While the vulnerability does not directly compromise data confidentiality or integrity, the availability impact could affect e-commerce operations or marketing campaigns reliant on the plugin. Given the widespread use of WordPress across Europe, organizations in retail, marketing, and affiliate sectors are particularly at risk. Additionally, if exploited in combination with other vulnerabilities, attackers might escalate the impact. The lack of required privileges and the remote nature of the attack increase the risk surface, especially if users with administrative or editorial roles are targeted. However, since user interaction is required, social engineering or phishing tactics would likely be necessary to trigger the exploit.

European organizations should immediately audit their WordPress installations to identify if the Coupon Affiliates plugin is in use and verify the version. Until an official patch is released, administrators should consider disabling or removing the plugin if it is not critical to operations. If removal is not feasible, implementing web application firewall (WAF) rules to detect and block suspicious POST requests lacking valid CSRF tokens can reduce risk. Educating users, especially administrators and editors, about phishing and social engineering risks can help prevent exploitation via user interaction. Monitoring web server logs for unusual or repeated requests targeting the plugin endpoints may provide early detection of attempted exploitation. Organizations should subscribe to vendor advisories and Patchstack updates to apply security patches promptly once available. Additionally, employing Content Security Policy (CSP) headers and SameSite cookie attributes can help mitigate CSRF risks at the browser level.