PT-2026-43149 · Webtoffee · Woocommerce Smart Coupons

Hhhai

·

Published

2026-05-25

·

Updated

2026-05-26

·

CVE-2026-45438

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Smart Coupons for WooCommerce versions prior to 2.3.0
Description A missing authorization issue in WebToffee Smart Coupons for WooCommerce allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify if a user has the necessary permissions to perform an action.
Recommendations Update to version 2.3.0 or later.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45438

Affected Products

Woocommerce Smart Coupons