What the vulnerability does
01Description
Missing Authorization vulnerability in Codemenschen Gift Vouchers gift-voucher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gift Vouchers: from n/a through <= 4.6.9.
Explanation of Vulnerability in Simple Terms
02Summary
The Gift Vouchers product by Codemenschen versions 4.6.9 and earlier lack proper authorization checks. An unauthenticated attacker can modify voucher data or disable voucher functionality by sending crafted network requests. No user interaction is required. Sites using affected versions should update immediately.
What an attacker can do
03Attacker Capabilities
Modify or disable gift vouchers without authentication.
Potential impact on your site
04Site Impact
Attackers can tamper with or disable your gift voucher system, affecting sales and customer trust.
Conditions required to exploit
05Prerequisites
Network access to the site; no authentication or user interaction required.
Key dates
06Disclosure timeline
July 13, 2026
CVE published
July 13, 2026
Record updated