What the vulnerability does
01Description
Missing Authorization vulnerability in Imtiaz Rayhan WP Coupons and Deals wp-coupons-and-deals allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Coupons and Deals: from n/a through <= 3.2.4.
Explanation of Vulnerability in Simple Terms
02Summary
WP Coupons and Deals through version 3.2.4 lacks proper authorization checks, allowing authenticated users with low privileges to modify coupon data they should not have access to. An attacker with a basic user account can alter coupon settings or content without restriction. The vulnerability requires a valid WordPress login but does not affect site availability or expose sensitive data.
What an attacker can do
03Attacker Capabilities
Modify coupon data and settings with a low-privilege user account.
Potential impact on your site
04Site Impact
Coupon campaigns may be altered or sabotaged by low-privilege users, affecting promotions and customer trust.
Conditions required to exploit
05Prerequisites
Attacker must have a valid WordPress user account with low privileges.
Key dates
06Disclosure timeline
December 16, 2025
CVE published
April 28, 2026
Record updated