Aaron Averbuch

**Name of the Vulnerable Software and Affected Versions** WooCommerce Smart Coupons plugin for WordPress versions up to, and including, 4.6.0 **Description** The issue is related to authorization bypass due to a missing capability check on the `woocommerce coupon admin init` function. This allows unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim’s storefront. **Recommendations** For versions up to, and including, 4.6.0, update to the latest version to mitigate risks. As a temporary workaround, consider restricting access to the `woocommerce coupon admin init` function until a patch is available. Ensure your site is updated to the latest version and apply all recommended security patches to protect against coupon creation exploits.