PT-2026-2840 · WordPress · Float Payment Gateway
Published
2026-01-14
·
Updated
2026-01-14
·
CVE-2025-15513
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Float Payment Gateway plugin for WordPress versions up to and including 1.1.9
Description
The Float Payment Gateway plugin for WordPress is susceptible to unauthorized data modification because of inadequate error handling within the
verifyFloatResponse() function. This flaw allows unauthenticated attackers to change the status of any WooCommerce order to 'failed'.Recommendations
Update the Float Payment Gateway plugin to a version newer than 1.1.9.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Float Payment Gateway