Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.

Basic Information

ID CVE-2025-15609

Source WPScan

Published May 19, 2026 at 06:00

Modified May 19, 2026 at 13:16

Affected Product

Vendor Unknown

Product Fortis for WooCommerce

Affected Versions Unknown Fortis for WooCommerce 0

CWE Classification

References

wpscan.com /vulnerability/220f72ea-e3b4-44c9-8c9b-15662aebb6cb/

{
    "lastseen": "",
    "description": "The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.",
    "published": "2026-05-19T06:00:10.476Z",
    "modified": "2026-05-19T13:16:06.513Z",
    "type": "cve",
    "title": "Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/220f72ea-e3b4-44c9-8c9b-15662aebb6cb/",
    "id": "CVE-2025-15609",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Fortis for WooCommerce 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Fortis for WooCommerce",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure_CVE-2025-15609