The CorvusPay WooCommerce Payment Gateway plugin contains an unauthenticated broken authentication flaw, posing a severe risk of unauthorized access and potential payment interception.

This vulnerability involves a critical failure in the authentication mechanism of the plugin, allowing unauthenticated remote attackers to bypass security controls and interact with the gateway.

The exploitation of this vulnerability could lead to unauthorized access to payment gateway settings, potentially resulting in the interception of transaction data or financial fraud. With a CVSS score of 7.5, this high-severity flaw represents a significant risk to the integrity of e-commerce operations and customer trust.

Immediate Action: Update the CorvusPay WooCommerce Payment Gateway plugin to the latest version provided by the vendor immediately.

Proactive Monitoring: Review web server access logs for anomalous request patterns or unauthorized attempts to access plugin-specific endpoints.

Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block suspicious traffic directed at WooCommerce plugin directories.

Public Exploit Available: false

Given the high CVSS score and the critical nature of payment processing, organizations must prioritize patching this plugin. If an update is not immediately available, restrict access to the affected administrative functions until a secure version is deployed to mitigate the risk of unauthorized access.