What the vulnerability does
01Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through <= 4.6.8.
Explanation of Vulnerability in Simple Terms
02Summary
Advanced Coupons for WooCommerce versions up to 4.6.8 contain a SQL injection vulnerability in a high-privilege function. An authenticated admin or shop manager can craft malicious input to read sensitive database information or modify coupon data. The vulnerability requires admin-level access and does not affect site availability significantly.
What an attacker can do
03Attacker Capabilities
Read or modify coupon and customer data in the site database.
Potential impact on your site
04Site Impact
A compromised admin account could expose customer data or manipulate coupon rules and pricing.
Conditions required to exploit
05Prerequisites
Attacker must have admin or shop manager privileges on the WooCommerce site.
Key dates
06Disclosure timeline
October 22, 2025
CVE published
April 28, 2026
Record updated