Vulnerability CVE-2020-36841


Published: 2024-10-16

Description:
The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. This makes it possible for unauthenticated attackers to send themselves gift certificates of any value, which could be redeemed for products sold on the victim??s storefront.

Type:

CWE-285

(Improper Authorization)

 References:
https://www.wordfence.com/threat-intel/vulnerabilities/id/eeeb03f7-5f78-4462-b0b4-5080bbc419a3?source=cve
https://www.wordfence.com/blog/2020/03/coupon-creation-vulnerability-patched-in-woocommerce-smart-coupons/

Copyright 2024, cxsecurity.com

 

Back to Top