Advanced Coupons For Woocommerce Coupons
Monthly
DOM-based cross-site scripting (XSS) in Advanced Coupons for WooCommerce Coupons plugin (versions up to 4.7.1.1) allows authenticated attackers with low privileges to inject malicious scripts that execute in users' browsers with the same privileges as the site context, affecting confidentiality, integrity, and availability of the WordPress installation. The vulnerability has an EPSS score of 0.03% (8th percentile), indicating low real-world exploitation probability despite the moderate CVSS 6.5 rating.
Advanced Coupons for WooCommerce Coupons through version 4.7.1 contains an authorization bypass vulnerability that allows authenticated users to access restricted functionality by exploiting misconfigured access controls. An attacker with valid WordPress credentials could leverage this vulnerability to view or modify coupon data they are not authorized to access. No patch is currently available for this vulnerability.
DOM-based cross-site scripting (XSS) in Advanced Coupons for WooCommerce Coupons plugin (versions up to 4.7.1.1) allows authenticated attackers with low privileges to inject malicious scripts that execute in users' browsers with the same privileges as the site context, affecting confidentiality, integrity, and availability of the WordPress installation. The vulnerability has an EPSS score of 0.03% (8th percentile), indicating low real-world exploitation probability despite the moderate CVSS 6.5 rating.
Advanced Coupons for WooCommerce Coupons through version 4.7.1 contains an authorization bypass vulnerability that allows authenticated users to access restricted functionality by exploiting misconfigured access controls. An attacker with valid WordPress credentials could leverage this vulnerability to view or modify coupon data they are not authorized to access. No patch is currently available for this vulnerability.