PatchSiren

corvusinfo CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH corvusinfo CVE published 2026-07-11

CVE-2026-6939

The CorvusPay WooCommerce Payment Gateway plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'approval_code' parameter in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping. This vulnerability has a CVSS score of 7.2 and is considered High severity. The vulnerability allows unauthenticated attackers to inject arbitrary web scripts in [truncated]