What the vulnerability does
01Description
The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.
Explanation of Vulnerability in Simple Terms
02Summary
A vulnerability exists in Fortis for WooCommerce versions before 1.3.1. The specific attack vector and impact are not yet documented in available sources. Site administrators running affected versions should update to 1.3.1 or later. Additional technical details will be published as the vulnerability is analyzed.
What an attacker can do
03Attacker Capabilities
Unknown; technical details not yet available.
Potential impact on your site
04Site Impact
Sites running Fortis for WooCommerce < 1.3.1 may be at risk; update immediately.
Conditions required to exploit
05Prerequisites
Unknown; technical details not yet available.
Key dates
06Disclosure timeline
May 19, 2026
CVE published
May 19, 2026
Record updated