High severity7.5NVD Advisory· Published May 19, 2026· Updated May 19, 2026
CVE-2025-15609
CVE-2025-15609
Description
The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.3.1
- Range: <1.3.1
Patches
Vulnerability mechanics
References
1News mentions
1- Wordfence Intelligence Weekly WordPress Vulnerability Report (June 8, 2026 to June 14, 2026)Wordfence Blog · Jun 18, 2026