CVE-2025-15609

CVE-2025-15609: Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure

Vendor Unknown

Product Fortis for WooCommerce

Published May 19, 2026

Last update May 19, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.

Key dates

Disclosure timeline

May 19, 2026 CVE published

May 19, 2026 Record updated