A vulnerability labeled as problematic has been found in corvusinfo CorvusPay WooCommerce Payment Gateway Plugin up to 2.7.4. Impacted is the function
corvuspay_success_handler of the file /wp-json/corvuspay/success/ of the component REST Endpoint. The manipulation of the argument order_number results in permission issues.
This vulnerability is cataloged as CVE-2026-9027. The attack may be launched remotely. There is no exploit available.