πŸ” CVE Alert

CVE-2020-36841

MEDIUM 5.3

WooCommerce Smart Coupons <= 4.6.0 - Unauthenticated Coupon Creation

CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th

The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim’s storefront.

CWE CWE-285
Vendor woocommerce
Product woocommerce smart coupons
Published Oct 16, 2024
Last Updated Apr 8, 2026
Stay Ahead of the Next One

Get instant alerts for woocommerce woocommerce smart coupons

Be the first to know when new medium vulnerabilities affecting woocommerce woocommerce smart coupons are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

WooCommerce / WooCommerce Smart Coupons
0 < 4.6.5

References

NVD β†— CVE.org β†— EPSS Data β†—
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/eeeb03f7-5f78-4462-b0b4-5080bbc419a3?source=cve wordfence.com: https://www.wordfence.com/blog/2020/03/coupon-creation-vulnerability-patched-in-woocommerce-smart-coupons/

Credits

Aaron Averbuch