{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T23:57:04.206","vulnerabilities":[{"cve":{"id":"CVE-2025-24586","sourceIdentifier":"audit@patchstack.com","published":"2025-04-17T16:15:32.243","lastModified":"2026-04-01T17:17:50.937","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bitsstech Shipment Tracker for Woocommerce shipment-tracker-for-woocommerce allows Reflected XSS.This issue affects Shipment Tracker for Woocommerce: from n\/a through <= 1.4.23."},{"lang":"es","value":"La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en bitsstech Shipment Tracker for Woocommerce permite XSS reflejado. Este problema afecta al rastreador de envíos para Woocommerce desde n\/d hasta la versión 1.4.23."}],"metrics":{},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https:\/\/patchstack.com\/database\/Wordpress\/Plugin\/shipment-tracker-for-woocommerce\/vulnerability\/wordpress-shipment-tracker-for-woocommerce-plugin-1-4-23-cross-site-scripting-xss-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}}]}