A vulnerability identified as problematic has been detected in corvusinfo CorvusPay WooCommerce Payment Gateway Plugin up to 2.7.4 on WordPress. This impacts an unknown function of the file /wp-json/corvuspay/success of the component approval_code Handler. The manipulation of the argument approval_code leads to cross site scripting.
This vulnerability is documented as CVE-2026-6939. The attack can be initiated remotely. There is not any exploit available.