2025-10-15 08:26:03
Wordfence
PUBLISHED
The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the return_payment and notice_payment functions in all versions up to, and including, 6.0. This makes it possible for unauthenticated attackers to update WooCommerce orders to failed status, and update transaction IDs.