Hello,
I found an annoying security hole. Has a redeemed coupon and an expired one, such as BLACKFRIDAY.
When you add a simple operator to the coupon code in combination with quotes, you can reactivate this coupon an unlimited number of times (each time adding a space so that the combination does not repeat). I do not want to post an injection example, if interested, I will send it to the administrator at the mail indicated by him.
Sincerely.