CVE-2026-45438: WordPress Smart Coupons for WooCommerce plugin < 2.3.0 - Broken Access Control vulnerability
Published May 25, 2026
·Updated
Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommerce: from n/a before 2.3.0.
Affected Software
1 affected component
WebToffee Smart Coupons for WooCommerce<2.3.0
Remediation
Information
Update the WordPress Smart Coupons for WooCommerce Plugin to the latest available version (at least 2.3.0).
Event History
May 25, 2026
CVE Published
via MITRE·10:18 PM
Data Sourced
via MITRE·10:18 PM
RemedyDescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2026-45438?
CVE-2026-45438 has a high severity rating of 7.5.
2
How do I fix CVE-2026-45438?
To fix CVE-2026-45438, update the WordPress Smart Coupons for WooCommerce plugin to version 2.3.0 or later.
3
What type of vulnerability is CVE-2026-45438?
CVE-2026-45438 is a Broken Access Control vulnerability.
4
Which versions of the plugin are affected by CVE-2026-45438?
CVE-2026-45438 affects WebToffee Smart Coupons for WooCommerce versions prior to 2.3.0.
5
What is the impact of CVE-2026-45438?
CVE-2026-45438 allows exploitation of incorrectly configured access control security levels.