CVE-2025-15609

HIGH 7.5

Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.

Vendor	unknown
Product	fortis for woocommerce
Published	May 19, 2026
Last Updated	May 19, 2026

Stay Ahead of the Next One

Get instant alerts for unknown fortis for woocommerce

Be the first to know when new high vulnerabilities affecting unknown fortis for woocommerce are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / Fortis for WooCommerce

0 < 1.3.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/220f72ea-e3b4-44c9-8c9b-15662aebb6cb/

Credits

WPScan Team WPScan