HIGH
corvusinfo
CVE published 2026-07-11
CVE-2026-6939
The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approval_code' parameter in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This vulnerability has a CVSS score of 7.2 and is considered High severity. The vulnerability allows unauthenticated attackers to inject arbitrary web scripts in [truncated]