Lucene search
HistorySep 01, 2022 - 5:15 p.m.
CVE-2022-36796
cve-2022-36796
csrf
xss
callrail
wordpress
nvd
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
21.1%
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress.
Affected configurations
Node
callrail\,_inc.callrail_phone_call_tracking_\(wordpress_plugin\)Range≤0.4.9
| CPE | Name | Operator | Version |
|---|---|---|---|
| callrail:callrail_phone_call_tracking | callrail callrail phone call tracking | le | 0.4.9 |
CNA Affected
[
{
"product": "CallRail Phone Call Tracking (WordPress plugin)",
"vendor": "CallRail, Inc.",
"versions": [
{
"lessThanOrEqual": "0.4.9",
"status": "affected",
"version": "<= 0.4.9",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
nvd
nvd
CVE-2022-36796
2022-09-01 17:15:08
wpvulndb
wpvulndb
CallRail Phone Call Tracking < 0.4.10 - Stored XSS via CSRF
2022-09-01 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-09-01 17:15:00
patchstack
patchstack
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
21.1%
Related for CVE-2022-36796