What is GHSA-4vhv-3qc3-cx8p?

GHSA-4vhv-3qc3-cx8p is a security advisory published by GitHub Security Advisories with High severity. The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to...

Which CVE IDs does GHSA-4vhv-3qc3-cx8p cover?

GHSA-4vhv-3qc3-cx8p covers the following CVE IDs: CVE-2025-15609. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-4vhv-3qc3-cx8p?

GHSA-4vhv-3qc3-cx8p has a CVSS v3 base score of 7.5, published by GitHub Security Advisories.

GHSA-4vhv-3qc3-cx8pHighCVSS 7.5

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to...

Vendor

GitHub Security Advisories

Published

May 19, 2026

Last Modified

May 19, 2026

🔗 CVE IDs covered (1)

CVE-2025-15609 →

📋 Description

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2025-15609
https://wpscan.com/vulnerability/220f72ea-e3b4-44c9-8c9b-15662aebb6cb
https://github.com/advisories/GHSA-4vhv-3qc3-cx8p