CVE-2025-11728 – Oceanpayment CreditCard Gateway

CVE ID : CVE-2025-11728

Published : Oct. 15, 2025, 9:15 a.m. | 1 hour, 24 minutes ago

Description : The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the ‘return_payment’ and ‘notice_payment’ functions in all versions up to, and including, 6.0. This makes it possible for unauthenticated attackers to update WooCommerce orders to ‘failed’ status, and update transaction IDs.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…