Skip to main content

Smart Coupons For Woocommerce

1 CVEs product

Monthly

CVE-2026-45438 HIGH PATCH This Week

Unauthenticated integrity compromise in WebToffee Smart Coupons for WooCommerce (versions before 2.3.0) allows remote attackers to bypass access controls and modify coupon-related data without authentication. The flaw stems from missing authorization checks (CWE-862) on plugin endpoints, and while no public exploit has been identified at time of analysis, SSVC flags the issue as automatable, meaning mass exploitation tooling could emerge rapidly. EPSS is currently low (0.03%) despite the network-exploitable nature of the bug.

Authentication Bypass WordPress Smart Coupons For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated integrity compromise in WebToffee Smart Coupons for WooCommerce (versions before 2.3.0) allows remote attackers to bypass access controls and modify coupon-related data without authentication. The flaw stems from missing authorization checks (CWE-862) on plugin endpoints, and while no public exploit has been identified at time of analysis, SSVC flags the issue as automatable, meaning mass exploitation tooling could emerge rapidly. EPSS is currently low (0.03%) despite the network-exploitable nature of the bug.

Authentication Bypass WordPress Smart Coupons For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy