cleantalk
Vulnerabilities and Security Researches

Oceanpayment CreditCard Gateway, CVE-2025-11728

CVE, Research URL

CVE-2025-11728

Home page URL

Security reports for Oceanpayment CreditCard Gateway

Application

Oceanpayment CreditCard Gateway

Published on
Oct 15, 2025
Research Description
The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'return_payment' and 'notice_payment' functions in all versions up to, and including, 6.0. This makes it possible for unauthenticated attackers to update WooCommerce orders to 'failed' status, and update transaction IDs.
Affected versions
max 6.0.
Status
vulnerable
Previous vulnerability researches
Outdooractive Embed (CVE-2024-11774) , Dec 21, 2024
New vulnerability
One Page Express Companion (CVE-2025-62052) , Nov 11, 2025
Boldermail – Email Marketing and Newsletters for WordPress (CVE-2025-52740) , Nov 11, 2025
Block Country (CVE-2025-48077) , Nov 11, 2025
Attesa Extra (CVE-2025-62971) , Nov 11, 2025
Content Locker for Elementor (CVE-2025-10896) , Nov 11, 2025