Filtered by vendor Fortispay
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0679 | 3 Fortispay, Woocommerce, Wordpress | 3 Fortis For Woocommerce, Woocommerce, Wordpress | 2026-02-04 | 5.3 Medium |
| The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'check_fortis_notify_response' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update arbitrary WooCommerce order statuses to paid/processing/completed, effectively allowing them to mark orders as paid without payment. | ||||
Page 1 of 1.