HIGH
Fortis
CVE published 2026-05-19
CVE-2025-15609
The Fortis for WooCommerce WordPress plugin before version 1.3.1 contains an information disclosure vulnerability that exposes sensitive API keys to unauthenticated attackers. The vulnerability allows remote, unauthenticated attackers to obtain Fortis API credentials, which can subsequently be used to query the Fortis API and retrieve sensitive customer information including past order details and persona [truncated]