6 matches found
CVE-2025-15609
The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...
CVE-2025-15609
The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...
EUVD-2025-209890
The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...
CVE-2025-15609 Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure
The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...
CVE-2025-15609
The CVE-2025-15609 entry concerns the Fortis for WooCommerce WordPress plugin prior to version 1.3.1. The vulnerability allows unauthenticated attackers to leak sensitive API keys and query Fortis’ API, enabling retrieval of sensitive customer data (e.g., past orders and PII). The available sourc...
CVE-2025-13168 ury-erp ury pos_extend.py overrided_past_order_list sql injection
A weakness has been identified in ury-erp ury up to 0.2.0. This affects the function overridedpastorderlist of the file ury/ury/api/posextend.py. This manipulation of the argument searchterm causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...