WordPress Plugin Vulnerabilities

Advanced Coupons for WooCommerce Coupons < 4.7.1.1 - Missing Authorization

Description

The Advanced Coupons for WooCommerce Coupons plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 4.7.1. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
advanced-coupons-for-woocommerce-free
Fixed in 4.7.1.1

References

CVE
CVE-2026-31919
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/8591cbd0-0bdb-4222-8485-0e96cf15e39f

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
PPzzAArr
Verified
No
WPVDB ID
bdbc8751-7732-414f-9c79-e0c9416045b0

Timeline

Publicly Published
2026-02-06 (about 3 months ago)
Added
2026-04-15 (about 1 month ago)
Last Updated
2026-04-15 (about 1 month ago)

Other

Published
Title
Published
2025-11-03
Title
Crypto Payment Gateway with Payeer for WooCommerce <= 1.0.3 - Unauthenticated Payment Bypass
Published
2026-01-20
Title
Admin login URL Change < 1.1.6 - Missing Authorization
Published
2025-12-12
Title
HAPPY – Helpdesk Support Ticket System < 1.0.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Reply
Published
2026-04-23
Title
HubSpot All-In-One Marketing - Forms, Popups, Live Chat < 11.3.33 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure
Published
2026-01-29
Title
Nelio Popups < 1.3.6 - Missing Authorization