Vulnerabilities in corvusinfo
3 resultsCVE-2026-6939HIGHCorvusPay WooCommerce Payment Gateway <= 2.7.4 - Unauthenticated Stored Cross-Site Scripting via 'approval_code' ParameterEPSS 0.3%CVE-2026-9028MEDIUMCorvusPay WooCommerce Payment Gateway <= 2.7.4 - Missing Authorization to Unauthenticated Arbitrary Order Cancellation via 'order_number' ParameterEPSS 0.3%CVE-2026-9027MEDIUMCorvusPay WooCommerce Payment Gateway <= 2.7.4 - Unauthenticated Improper Verification of Cryptographic Signature to Payment Bypass via /wp-json/corvuspay/success/ REST EndpointEPSS 0.2%