WooCommerce Smart Coupons < 4.6.5 - Unauthenticated Coupon Creation



Description
"By crafting a request with all of the necessary parameters, attackers could generate and send themselves valid gift certificates for a victim’s WooCommerce store. This vulnerability has been patched as of WooCommerce Smart Coupons 4.6.5."

Affects Plugin

fixed in version 4.6.5

References

URL https://www.wordfence.com/blog/2020/03/coupon-creation-vulnerability-patched-in-woocommerce-smart-coupons/

Classification

Type BYPASS

Miscellaneous

Original Researcher Aaron Averbuch
Views 1758
Verified No
WPVDB ID 10109

Timeline

Publicly Published 2020-03-04 (3 months ago)
Added 2020-03-04 (3 months ago)
Last Updated 2020-03-05 (3 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin