CVE-2025-11728

The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...

CVE-2025-11728

CVE-2025-11728 affects the Oceanpayment CreditCard Gateway plugin for WordPress (versions up to 6.0). The root cause is missing authentication and capability checks in the return_payment and notice_payment functions, allowing unauthenticated and unauthorized modification of data. The practical im...

CVE-2025-11728 Oceanpayment CreditCard Gateway <= 6.0 - Missing Authentication to Unauthenticated Order Status Update

The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'returnpayment' and 'noticepayment' functions in all versions up to, and including, 6.0. This makes it possibl...

WordPress plugin Oceanpayment CreditCard Gateway 访问控制错误漏洞

WordPress Oceanpayment CreditCard Gateway plugin is a plugin for integrating credit card payments in your WordPress website, which enables transactions through the payment gateway provided by Oceanpayment. The WordPress Oceanpayment CreditCard Gateway plugin suffers from an Access Control Error...