[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fF_zIT10RCbyTbDEdT7S79MDfT0W_SCv3odAcuqt3h2M":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":30,"research_verified":31,"research_rounds_completed":32,"research_plan":33,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":34,"research_started_at":35,"research_completed_at":36,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":31,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":31,"source_links":37},"CVE-2026-45438","smart-coupons-for-woocommerce-coupons-missing-authorization","Smart Coupons For WooCommerce Coupons \u003C 2.3.0 - Missing Authorization","The Smart Coupons For WooCommerce Coupons plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, but not including, 2.3.0. 
This makes it possible for unauthenticated attackers to perform an unauthorized action.","wt-smart-coupons-for-woocommerce",null,"\u003C2.3.0","2.3.0","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Missing Authorization","2026-05-15 00:00:00","2026-05-19 13:16:29",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F33a5838b-2cec-4b47-ac0c-577f090e8041?source=api-prod",5,[22,23,24,25,26,27,28,29],"README.txt","admin\u002Fcross-promotion-banners\u002Fclass-wbte-accessibility-banner.php","admin\u002Fmodules\u002Fbanner\u002Fclass-wbte-cta-banner.php","admin\u002Fmodules\u002Fbogo-admin\u002Fassets\u002Fcss\u002Fstyle.css","changelog.txt","includes\u002Fclass-wt-smart-coupon.php","public\u002Fmodules\u002Fauto-coupon-public\u002Fclass-wt-smart-coupon-auto-coupon-public.php","public\u002Fmodules\u002Fbogo-public\u002Fclass-wbte-smart-coupon-bogo-public.php","researched",false,3,"# Vulnerability Analysis: CVE-2026-45438 - Missing Authorization in Smart Coupons For WooCommerce Coupons\n\nThe Smart Coupons For WooCommerce Coupons plugin (versions \u003C 2.3.0) contains a missing authorization vulnerability in its cross-promotion banner system. Specifically, the AJAX handlers used to manage the \"Accessibility CTA\" banner and potentially other banners (like the EMA or CTA banners added in 2.2.8) are either improperly registered for unauthenticated (`nopriv`) requests or fail to strictly enforce capability checks across all banner-related actions, allowing unauthenticated attackers to perform unauthorized actions such as dismissing administrative notices or triggering background processes.\n\nThe CVSS vector `AV:N\u002FAC:L\u002FPR:N\u002FUI:N` confirms that exploitation requires no authentication. In the source code of `Wbte_Accessibility_Banner`, some methods have `current_user_can` checks, but the banner management functions and their AJAX registrations remain the primary attack surface. 
In vulnerable versions, the `wp_ajax_nopriv_` variants of these actions are either registered without checks or rely on checks that are insufficient. Which of the two applies has not been verified here; comparing the handler registrations and capability checks in 2.2.9 with those in 2.3.0 would confirm it.\n\n## 1. Attack Vector Analysis\n\n*   **Endpoint:** `wp-admin\u002Fadmin-ajax.php`\n*   **Action:** `wbte_accessibility_dismiss_banner`, `wbte_accessibility_remind_later`, or `wbte_accessibility_install_plugin` (and potentially similar actions in `Wbte_Cta_Banner` or `Wbte_Ema_Banner`).\n*   ","gemini-3-flash-preview","2026-05-20 17:31:09","2026-05-20 17:31:51",{"type":38,"vulnerable_version":39,"fixed_version":11,"vulnerable_browse":40,"vulnerable_zip":41,"fixed_browse":42,"fixed_zip":43,"all_tags":44},"plugin","2.2.9","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwt-smart-coupons-for-woocommerce\u002Ftags\u002F2.2.9","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwt-smart-coupons-for-woocommerce.2.2.9.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwt-smart-coupons-for-woocommerce\u002Ftags\u002F2.3.0","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwt-smart-coupons-for-woocommerce.2.3.0.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwt-smart-coupons-for-woocommerce\u002Ftags"]