PT-2026-6018 · Automattic+1 · Woocommerce+1
Md. Moniruzzaman Prodhan +1 · Published 2026-02-04 · Updated 2026-02-04 · CVE-2026-0679
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Fortis for WooCommerce versions up to and including 1.2.0
Description
The Fortis for WooCommerce plugin for WordPress has an authorization bypass caused by an incorrect nonce check in the check_fortis_notify_response function. Unauthenticated attackers can change WooCommerce order statuses to paid, processing, or completed, so an order can be fraudulently marked as paid without any actual payment. The issue affects the wc-api endpoint.
Recommendations
Update Fortis for WooCommerce to a version later than 1.2.0.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Fortis For Woocommerce
Woocommerce