PT-2024-10851 · WordPress · Woocommerce Smart Coupons

Aaron Averbuch · Published 2024-10-16 · Updated 2024-10-19 · CVE-2020-36841

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WooCommerce Smart Coupons plugin for WordPress, versions up to and including 4.6.0

Description: The issue is an authorization bypass caused by a missing capability check on the woocommerce coupon admin init function. Because the check is absent, unauthenticated attackers can send themselves gift certificates of any value, which could then be redeemed for products sold on the victim's storefront.

Recommendations: For versions up to and including 4.6.0, update to the latest version to mitigate the risk. As a temporary workaround, consider restricting access to the woocommerce coupon admin init function until a patch is available. Keep the site updated and apply all recommended security patches to protect against coupon creation exploits.
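The weakness pattern behind this advisory, as an added example that is not the plugin's own code: an `admin_init` handler that creates coupons without checking who is asking, beside the hardened form a maintainer would ship. The function names `ex_coupon_admin_init_*` and `ex_send_gift_certificate` are assumptions; `current_user_can`, `check_admin_referer` and the `manage_woocommerce` capability are standard WordPress/WooCommerce APIs.

```php
<?php
// Added example, not code from the WooCommerce Smart Coupons plugin.
// ex_coupon_admin_init_vulnerable, ex_coupon_admin_init_hardened and
// ex_send_gift_certificate are hypothetical names used for illustration.

// Vulnerable pattern: admin_init also fires for requests to admin-ajax.php
// and admin-post.php from visitors who are not logged in, so nothing here
// establishes that the requester may issue a coupon at all.
function ex_coupon_admin_init_vulnerable() {
    if ( isset( $_POST['send_gift_certificate'] ) ) {
        ex_send_gift_certificate( $_POST ); // creates and e-mails a coupon
    }
}

// Hardened form: capability check, nonce check, then input validation,
// in that order, before any coupon is created.
function ex_coupon_admin_init_hardened() {
    if ( ! isset( $_POST['send_gift_certificate'] ) ) {
        return;
    }
    // 1. Authorization: only users who may manage the store can issue coupons.
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( esc_html__( 'You are not allowed to issue coupons.', 'ex' ), '', array( 'response' => 403 ) );
    }
    // 2. Request forgery protection: the submitted form must carry a valid nonce.
    check_admin_referer( 'ex_send_gift_certificate', 'ex_nonce' );
    // 3. Validate the fields that determine coupon value and recipient.
    $amount = isset( $_POST['amount'] ) ? floatval( wp_unslash( $_POST['amount'] ) ) : 0;
    $email  = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    if ( $amount <= 0 || ! is_email( $email ) ) {
        wp_die( esc_html__( 'Invalid gift certificate request.', 'ex' ), '', array( 'response' => 400 ) );
    }
    ex_send_gift_certificate( array( 'amount' => $amount, 'email' => $email ) );
}
add_action( 'admin_init', 'ex_coupon_admin_init_hardened' );
```

When reviewing a plugin for this class of bug, look for every `admin_init`, `admin_post_*` and `wp_ajax_nopriv_*` callback that changes state and confirm it reaches a `current_user_can` check before doing so.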

Fix

Weakness Enumeration: Improper Authorization

Related Identifiers: CVE-2020-36841

Affected Products: Woocommerce Smart Coupons