Float Payment Gateway

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as failed.

Basic Information

ID CVE-2025-15513

Source Wordfence

Published Jan 14, 2026 at 06:40

Affected Product

Vendor floattechnologies

Product Float Payment Gateway

Version *

Affected Versions floattechnologies Float Payment Gateway *

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as failed.",
    "published": "2026-01-14T06:40:07.126Z",
    "modified": "2026-01-14T06:40:07.126Z",
    "type": "cve",
    "title": "Float Payment Gateway <= 1.1.9 - Improper Authorization to Unauthenticated Order Status Manipulation",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2c7fb39-d128-4285-8bc3-1e192e1e1196?source=cve\nhttps://plugins.trac.wordpress.org/browser/float-gateway/tags/1.1.9/index.php#L477",
    "id": "CVE-2025-15513",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "floattechnologies Float Payment Gateway *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Float Payment Gateway",
    "version": "*",
    "vendor": "floattechnologies",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Float Payment Gateway <= 1.1.9 - Improper Authorization to Unauthenticated Order Status Manipulation_CVE-2025-15513