What is CVE-2025-15609?

CVE-2025-15609 is a high-severity vulnerability in Fortis For Woocommerce, classified under CWE-200 INFORMATION EXPOSURE. CVSS score: 7.5/10. Published 2026-05-19.

How severe is CVE-2025-15609?

High severity. CVSS v3 base score is 7.5 out of 10.

Vulnerability in Fortis For Woocommerce

CVE-2025-15609

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.

EPSS: 0.000 (8.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Unknown Fortis For Woocommerce — versions 0

References

contact@wpscan.com (technical-description, exploit, vdb-entry)

Frequently asked questions

What is CVE-2025-15609?: CVE-2025-15609 is a high-severity vulnerability in Fortis For Woocommerce, classified under CWE-200 INFORMATION EXPOSURE. CVSS score: 7.5/10. Published 2026-05-19.
How severe is CVE-2025-15609?: High severity. CVSS v3 base score is 7.5 out of 10.