CVE-2025-15609

HIGH CVSS 7.5 View on NVD ↗

Description

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

https://wpscan.com/vulnerability/220f72ea-e3b4-44c9-8c9b-15662aebb6cb/

Published: May 19, 2026 07:16 UTC Modified: May 19, 2026 14:38 UTC