CVE-2026-9027 CorvusPay WooCommerce Payment Gateway <= 2.7.4 - Unauthenticated Improper Verification of Cryptographic Signature to Payment Bypass via /wp-json/corvuspay/success/ REST Endpoint
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Payment Bypass via Improper Verification of Cryptographic Signature in all versions up to, and including, 2.7.4. The corvuspaysuccesshandler function registers the REST endpoint POST /wp-json/corvuspay/success/ with...