{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T16:07:24.828","vulnerabilities":[{"cve":{"id":"CVE-2025-15513","sourceIdentifier":"security@wordfence.com","published":"2026-01-14T07:16:14.433","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse() function in all versions up to, and including, 1.1.9. This makes it possible for unauthenticated attackers to mark any WooCommerce order as failed."},{"lang":"es","value":"El plugin Float Payment Gateway para WordPress es vulnerable a la modificación no autorizada de datos debido a un manejo inadecuado de errores en la función verifyFloatResponse() en todas las versiones hasta la 1.1.9, inclusive. Esto permite a atacantes no autenticados marcar cualquier pedido de WooCommerce como fallido."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/float-gateway/tags/1.1.9/index.php#L477","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3444078%40float-gateway&new=3444078%40float-gateway&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/b2c7fb39-d128-4285-8bc3-1e192e1e1196?source=cve","source":"security@wordfence.com"}]}}]}