huntr / amammad / FA5DBBD3-97FE-41A9-8797-2E54D9A9C649
Feb 18, 2022 - 4:23 p.m.

Use the one-time coupon multiple times

2022-02-18 16:23:54
amammad
www.huntr.dev
coupon abuse
user validation
e-commerce security

EPSS: 0.001
Percentile: 35.0%

# Description

I create a one-time-use coupon for only one user.

Then I create two users, and both of them can use the coupon, but only one of them should be able to use it.

# Proof of Concept

First, create a one-time, one-user coupon code, e.g. aaaaa.
The attacker has two customer accounts named A and B.
Both A and B add a product (it can be a different one) to their carts, and they will see a window where they can enter the aaaaa coupon. They enter the coupon code there, and they should not click `Proceed to Checkout`.

After both A and B have entered the coupon, they click `Proceed to Checkout`, and we see that the coupon is used twice.
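
The sequence above as an added model, not code from the report or from the affected project. It assumes the coupon is checked when it is entered on the cart but only counted at checkout, which the report does not confirm; `Coupon`, `apply_to_cart`, `checkout_vulnerable`, `checkout_hardened` and `replay` are hypothetical names.

```python
import threading

class Coupon:
    """Constructed model of a one-time coupon; not the affected project's code."""
    def __init__(self, code, max_uses=1):
        self.code, self.max_uses, self.uses = code, max_uses, 0
        self._lock = threading.Lock()

    def is_available(self):
        return self.uses < self.max_uses

    def redeem(self):
        """Atomically check the limit and consume one use; False if exhausted."""
        with self._lock:
            if self.uses >= self.max_uses:
                return False
            self.uses += 1
            return True

def apply_to_cart(cart, coupon):
    """Cart step: the coupon is checked here but no use is recorded yet."""
    if coupon.is_available():
        cart["coupon"] = coupon
    return "coupon" in cart

def checkout_vulnerable(cart):
    """Assumed flaw: trusts the cart-time check and only counts the use."""
    coupon = cart.get("coupon")
    if coupon is not None:
        coupon.uses += 1
    return coupon is not None  # True means the discount was granted

def checkout_hardened(cart):
    """Re-validates at order time; the discount depends on redeem() succeeding."""
    coupon = cart.pop("coupon", None)
    return coupon is not None and coupon.redeem()

def replay(checkout):
    """Replays the report's sequence: A and B both apply, then both check out."""
    coupon = Coupon("aaaaa")  # sample code taken from the report
    cart_a, cart_b = {"user": "A"}, {"user": "B"}
    apply_to_cart(cart_a, coupon)
    apply_to_cart(cart_b, coupon)
    return [checkout(cart_a), checkout(cart_b)], coupon.uses

if __name__ == "__main__":
    print("vulnerable:", replay(checkout_vulnerable))
    print("hardened:  ", replay(checkout_hardened))
```

In a real shop the atomic step would normally be a conditional database update or a unique constraint on the redemption record, since an in-process lock does not span multiple application servers.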
