CVE-2025-15609

CVE-2025-15609: Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure

Vendor Unknown
Product Fortis for WooCommerce
Published May 19, 2026
Last update May 19, 2026

CVSS base score

What the vulnerability does

01Description

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.

Explanation of Vulnerability in Simple Terms

02Summary

A vulnerability exists in Fortis for WooCommerce versions before 1.3.1. The specific attack vector and impact are not yet documented in available sources. Site administrators running affected versions should update to 1.3.1 or later. Additional technical details will be published as the vulnerability is analyzed.

What an attacker can do

03Attacker Capabilities

Unknown; technical details not yet available.

Potential impact on your site

04Site Impact

Sites running Fortis for WooCommerce < 1.3.1 may be at risk; update immediately.

Conditions required to exploit

05Prerequisites

Unknown; technical details not yet available.

Key dates

06Disclosure timeline

May 19, 2026 CVE published
May 19, 2026 Record updated