EUVD-2023-57394

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

CallRail Phone Call Tracking plugin for WordPress vulnerable to Stored Cross-Site Scripting attacks.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2023-5051	27 Oct 202312:27	–	circl
CNNVD	WordPress plugin CallRail Phone Call Tracking Cross-Site Scripting Vulnerability	27 Oct 202300:00	–	cnnvd
CVE	CVE-2023-5051	27 Oct 202303:16	–	cve
Cvelist	CVE-2023-5051 CallRail Phone Call Tracking <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	27 Oct 202303:16	–	cvelist
NVD	CVE-2023-5051	27 Oct 202304:15	–	nvd
Patchstack	WordPress CallRail Phone Call Tracking Plugin <= 0.5.2 is vulnerable to Cross Site Scripting (XSS)	24 Oct 202300:00	–	patchstack
Prion	Cross site scripting	27 Oct 202304:15	–	prion
Positive Technologies	PT-2023-31581 · Callrail · Callrail Phone Call Tracking Plugin	27 Oct 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-5051	23 May 202502:39	–	redhatcve
Vulnrichment	CVE-2023-5051 CallRail Phone Call Tracking <= 0.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	27 Oct 202303:16	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "840b050f-ca71-3a67-89c4-1e45fd52b94f",
        "vendor": {
          "name": "callrail"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "fd6e2782-5b0b-3210-bdcb-5e2855a32b3d",
        "product": {
          "name": "CallRail Phone Call Tracking"
        },
        "product_version": "* ≤0.5.2"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/35def866-7460-4cad-8d86-7b9e4905cbe4
plugins	www.plugins.trac.wordpress.org/browser/callrail-phone-call-tracking/tags/0.5.2/callrail.php
plugins	www.plugins.trac.wordpress.org/changeset/2982876/callrail-phone-call-tracking

03 Oct 2025 20:07Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.15.4 - 6.4

EPSS0.00114

SSVC

vulnerability stored cross-site scripting wordpress plugin callrail