PT-2026-43149 · Webtoffee · Woocommerce Smart Coupons
Hhhai
·
Published
2026-05-25
·
Updated
2026-05-26
·
CVE-2026-45438
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Smart Coupons for WooCommerce versions prior to 2.3.0
Description
A missing authorization issue in WebToffee Smart Coupons for WooCommerce allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify if a user has the necessary permissions to perform an action.
Recommendations
Update to version 2.3.0 or later.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Woocommerce Smart Coupons