HIGH
WebToffee
CVE published 2026-05-25
CVE-2026-45438
A Missing Authorization vulnerability (CWE-862) in the Smart Coupons for WooCommerce WordPress plugin allows unauthenticated attackers to exploit incorrectly configured access control security levels. The vulnerability affects all versions prior to 2.3.0 and has been assigned a CVSS 3.1 score of 7.5 (HIGH), indicating significant risk due to network attack vector, low attack complexity, no privileges requ [truncated]