CVE-2022-36796

2022-09-0117:15:08

CWE-79

CWE-352

[email protected]

web.nvd.nist.gov

cve-2022-36796

cross-site request forgery

stored cross-site scripting

callrail inc

wordpress

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

21.0%

JSON

Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress.

Affected configurations

NVD

Node

callrailcallrail_phone_call_trackingRange≤0.4.9wordpress

References

patchstack.com/database/vulnerability/callrail-phone-call-tracking/wordpress-callrail-phone-call-tracking-plugin-0-4-9-cross-site-request-forgery-csrf-vulnerability-leading-to-stored-cross-site-scripting-xss

wordpress.org/plugins/callrail-phone-call-tracking/