CVE-2022-36796
MEDIUM
CallRail Phone Call Tracking <= 0.4.9 - Cross-Site Request Forgery Leading to Stored Cross-Site Scripting
Title source: llm
Description
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in the CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 for WordPress.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://patchstack.com/database/vulnerability/callrail-phone-call-tracking/wordpress-callrail-phone-call-tracking-plugin-0-4-9-cross-site-request-forgery-csrf-vulnerability-leading-to-stored-cross-site-scripting-xss
Product, Third Party Advisory x_refsource_confirm
https://wordpress.org/plugins/callrail-phone-call-tracking/
Scores
CVSS v3: 6.1
EPSS: 0.0030
EPSS Percentile: 21.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-352, CWE-79
Status: published
Products (2)
callrail/callrail_phone_call_tracking: < 0.4.9
CallRail, Inc./CallRail Phone Call Tracking (WordPress plugin): <= 0.4.9 - 0.4.9
Published: Sep 01, 2022
Tracked Since: Feb 18, 2026