What the vulnerability does
01Description
Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coupon Affiliates: from n/a through <= 6.8.0.
Explanation of Vulnerability in Simple Terms
02Summary
Coupon Affiliates through version 6.8.0 lacks proper authorization checks, allowing high-privilege users to access or modify sensitive functionality they should not have permission to use. The vulnerability affects confidentiality, integrity, and availability with low impact. Attack complexity is high, suggesting exploitation requires specific conditions or configuration.
What an attacker can do
03Attacker Capabilities
A high-privilege user can access or modify restricted functionality beyond their intended permissions.
Potential impact on your site
04Site Impact
Privileged users (e.g., administrators) may be able to perform unauthorized actions affecting data or site operations.
Conditions required to exploit
05Prerequisites
Attacker must have high-level privileges on the site; no user interaction required.
Key dates
06Disclosure timeline
September 22, 2025
CVE published
April 28, 2026
Record updated