Main Vulnerability Database Vulnerabilities #VU25778

#VU25778 Improper access control in WooCommerce Smart Coupons

Published: March 5, 2020

Vulnerability identifier: #VU25778

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
WooCommerce Smart Coupons

Software vendor:
StoreApps

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the functionality which allows creation gift certificates which can be emailed to customers. A remote attacker can send themselves gift certificates of any value, which could be redeemed for products sold on the victim’s storefront.

Remediation

Install updates from vendor's website.

External links

https://wpvulndb.com/vulnerabilities/10109/
https://www.wordfence.com/blog/2020/03/coupon-creation-vulnerability-patched-in-woocommerce-smart-coupons/

#VU25778 Improper access control in WooCommerce Smart Coupons

Description

Remediation

External links

Please verify you're human