PT-2025-42313 · WordPress · Oceanpayment Creditcard Gateway
Published
2025-10-15
·
Updated
2025-10-15
·
CVE-2025-11728
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Oceanpayment CreditCard Gateway plugin for WordPress versions through 6.0
Description
The Oceanpayment CreditCard Gateway plugin for WordPress is susceptible to unauthorized data modification. This is due to the absence of authentication and authorization checks within the
return payment and notice payment functions. An unauthenticated attacker can exploit this to alter WooCommerce order statuses to 'failed' and modify transaction IDs.Recommendations
Update the Oceanpayment CreditCard Gateway plugin to a version beyond 6.0.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oceanpayment Creditcard Gateway