CVE-2026-56029
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
The CorvusPay WooCommerce Payment Gateway plugin version 2.7.4 and earlier contains a broken authentication vulnerability that can be exploited without authentication. An attacker can exploit this flaw without having an account in the system.
Risk Assessment
The risk includes unauthorized access to payment functions and potential modification of transactions, which may lead to financial losses and compromise of order integrity.
Recommendation
It is recommended to immediately update the CorvusPay WooCommerce Payment Gateway plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.

