VYPR

Pay

by Yansongda

Source repositories

CVEs (1)

  • CVE-2026-33661HigMar 26, 2026
    risk 0.49cvss 8.6epss 0.01

    Pay is an open-source payment SDK extension package for various Chinese payment services. Prior to version 3.7.20, the `verify_wechat_sign()` function in `src/Functions.php` unconditionally skips all signature verification when the PSR-7 request reports `localhost` as the host.…