{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-30906", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-03-26T09:21:38.618Z", "datePublished": "2025-04-01T20:58:08.092Z", "dateUpdated": "2026-04-28T16:12:00.252Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wc-checkout-getnet", "product": "Plugin Oficial \u2013 Getnet para WooCommerce", "vendor": "lisandragetnet", "versions": [{"changes": [{"at": "1.8.0", "status": "unaffected"}], "lessThanOrEqual": "1.7.3", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:36:38.503Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lisandragetnet Plugin Oficial \u2013 Getnet para WooCommerce wc-checkout-getnet allows Reflected XSS.<p>This issue affects Plugin Oficial \u2013 Getnet para WooCommerce: from n/a through <= 1.7.3.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lisandragetnet Plugin Oficial \u2013 Getnet para WooCommerce wc-checkout-getnet allows Reflected XSS.This issue affects Plugin Oficial \u2013 Getnet para WooCommerce: from n/a through <= 1.7.3."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "Reflected XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:12:00.252Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/wc-checkout-getnet/vulnerability/wordpress-plugin-oficial-getnet-para-woocommerce-plugin-1-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress Plugin Oficial \u2013 Getnet para WooCommerce plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-02T13:43:29.385603Z", "id": "CVE-2025-30906", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T13:43:36.918Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30906", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-02T13:43:29.385603Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T13:43:33.205Z"}}], "cna": {"title": "WordPress Plugin Oficial \u2013 Getnet para WooCommerce plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "Reflected XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "lisandragetnet", "product": "Plugin Oficial \u2013 Getnet para WooCommerce", "versions": [{"status": "affected", "changes": [{"at": "1.8.0", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "1.7.3"}], "packageName": "wc-checkout-getnet", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:30:52.095Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wc-checkout-getnet/vulnerability/wordpress-plugin-oficial-getnet-para-woocommerce-plugin-1-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lisandragetnet Plugin Oficial \u2013 Getnet para WooCommerce wc-checkout-getnet allows Reflected XSS.This issue affects Plugin Oficial \u2013 Getnet para WooCommerce: from n/a through <= 1.7.3.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lisandragetnet Plugin Oficial \u2013 Getnet para WooCommerce wc-checkout-getnet allows Reflected XSS.<p>This issue affects Plugin Oficial \u2013 Getnet para WooCommerce: from n/a through <= 1.7.3.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:07:04.039Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30906", "state": "PUBLISHED", "dateUpdated": "2026-04-23T14:07:04.039Z", "dateReserved": "2025-03-26T09:21:38.618Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-04-01T20:58:08.092Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lisandragetnet Plugin Oficial \u2013 Getnet para WooCommerce wc-checkout-getnet allows Reflected XSS.This issue affects Plugin Oficial \u2013 Getnet para WooCommerce: from n/a through <= 1.7.3."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Coffee Code Tech Plugin Oficial \u2013 Getnet para WooCommerce permite XSS reflejado. Este problema afecta al plugin oficial de Coffee Code Tech, Getnet para WooCommerce, desde la versi\u00f3n n/a hasta la 1.7.3."}], "id": "CVE-2025-30906", "lastModified": "2026-04-23T15:27:18.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-04-01T21:15:46.010", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/wc-checkout-getnet/vulnerability/wordpress-plugin-oficial-getnet-para-woocommerce-plugin-1-7-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"created": "2026-05-01T01:30:05.882162+00:00", "updated": "2026-05-01T01:30:05.882173+00:00", "vendors": []}