The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to a security issue that could lead to unauthorized loss of data. This plugin is used for websites built using WordPress and all versions up to and including 5.16.0 are affected. A security flaw in the capability check present in the wcal_delete_expired_used_coupon_code function makes it possible for users with subscriber privileges or above to delete expired used coupon codes, as long as they are able to get a nonce through another vulnerability.