Main Vulnerability Database Vulnerabilities #VU25778

Improper access control in WooCommerce Smart Coupons - #VU25778

Published: March 5, 2020

Vulnerability identifier: #VU25778

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: StoreApps

Affected software:
WooCommerce Smart Coupons

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the functionality which allows creation gift certificates which can be emailed to customers. A remote attacker can send themselves gift certificates of any value, which could be redeemed for products sold on the victim’s storefront.

Remediation

Install updates from vendor's website.

Sources

https://wpvulndb.com/vulnerabilities/10109/
https://www.wordfence.com/blog/2020/03/coupon-creation-vulnerability-patched-in-woocommerce-smart-coupons/

Improper access control in WooCommerce Smart Coupons - #VU25778

Detailed vulnerability description

Remediation

Sources

Please verify you're human