Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lisandragetnet Plugin Oficial – Getnet para WooCommerce wc-checkout-getnet allows Reflected XSS. This issue affects Plugin Oficial – Getnet para WooCommerce: from n/a through <= 1.7.3.
Published: 2025-04-01
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of input during page generation, allowing a reflected XSS. An attacker can inject malicious JavaScript through crafted requests, executing code in a victim’s browser. This can lead to session hijacking, phishing, or defacement, and the weakness is labeled CWE‑79.

Affected Systems

WordPress plugin ‘Plugin Oficial – Getnet para WooCommerce’ from vendor lisandragetnet is affected for all versions up to and including 1.7.3. No other products or vendor versions are listed.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity for client‑side attacks, while the EPSS score of < 1% reflects a low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. Attackers can exploit it by crafting a URL or form that embeds malicious input; the plugin then reflects this input back to the browser, impacting the victim’s session while requiring no persistence on the server.

Generated by OpenCVE AI on May 1, 2026 at 01:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Plugin Oficial – Getnet para WooCommerce to version 1.7.4 or newer to remove the reflected XSS flaw.
  • If an upgrade cannot be performed immediately, disable or remove any plugin functionality that echoes or outputs user‑supplied data without proper sanitization.
  • Implement a Web Application Firewall rule or use security plugins to block or escape script payloads targeting the plugin’s endpoints.



Advisories
Source: EUVD
ID: EUVD-2025-9465
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coffee Code Tech Plugin Oficial – Getnet para WooCommerce allows Reflected XSS. This issue affects Plugin Oficial – Getnet para WooCommerce: from n/a through 1.7.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coffee Code Tech Plugin Oficial – Getnet para WooCommerce allows Reflected XSS. This issue affects Plugin Oficial – Getnet para WooCommerce: from n/a through 1.7.3.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lisandragetnet Plugin Oficial – Getnet para WooCommerce wc-checkout-getnet allows Reflected XSS. This issue affects Plugin Oficial – Getnet para WooCommerce: from n/a through <= 1.7.3.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 02 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 01 Apr 2025 21:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coffee Code Tech Plugin Oficial – Getnet para WooCommerce allows Reflected XSS. This issue affects Plugin Oficial – Getnet para WooCommerce: from n/a through 1.7.3.
Title WordPress Plugin Oficial – Getnet para WooCommerce plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:00.252Z

Reserved: 2025-03-26T09:21:38.618Z

Link: CVE-2025-30906

Vulnrichment

Updated: 2025-04-02T13:43:33.205Z

NVD

Status: Deferred

Published: 2025-04-01T21:15:46.010

Modified: 2026-04-23T15:27:18.110

Link: CVE-2025-30906

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T01:30:05Z

Weaknesses