In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade craftcms/commerce to version 4.11.2, 5.6.5 or higher.
craftcms/commerce is a Craft Commerce
Affected versions of this package are vulnerable to Brute Force in the actionUpdateCart process when the 'number' parameter is not provided, which disables rate limiting. An attacker can enumerate valid coupon codes by sending automated requests without restriction.