CVE Catalog

CVE-2026-56029

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

The CorvusPay WooCommerce Payment Gateway plugin version 2.7.4 and earlier contains a broken authentication vulnerability that can be exploited without authentication. An attacker can exploit this flaw without having an account in the system.

Risk Assessment

The risk includes unauthorized access to payment functions and potential modification of transactions, which may lead to financial losses and compromise of order integrity.

Recommendation

It is recommended to immediately update the CorvusPay WooCommerce Payment Gateway plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS