CVE-2025-64358
Description
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Coupons for WooCommerce: from n/a through <= 2.2.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Smart Coupons for WooCommerce ≤2.2.3 allows unprivileged users to exploit access control flaws, leading to unauthorized actions.
The Smart Coupons for WooCommerce plugin for WordPress is vulnerable to a missing authorization issue in versions 2.2.3 and below. This broken access control vulnerability arises from incorrectly configured security levels, allowing exploitation without proper authentication checks [1].
An attacker can exploit this flaw over the network without needing any special privileges, potentially performing actions that require higher-level access. The vulnerability is part of a broader pattern of access control weaknesses that are frequently targeted in mass exploitation campaigns [1].
Successful exploitation could enable an attacker to manipulate coupon data or perform other unauthorized operations, compromising the integrity of the e-commerce site. While the CVSS score is 4.3 (Medium), the practical risk is elevated due to active exploitation in the wild [1].
The vendor has addressed the issue by releasing version 2.2.4. Users are strongly urged to update to this version immediately or as a workaround, engage a hosting provider or developer for assistance if an immediate update is not possible [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <= 2.2.3
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.