Unrated severityNVD Advisory· Published Sep 1, 2022· Updated Apr 28, 2026
WordPress CallRail Phone Call Tracking plugin <= 0.4.9 - Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS)
CVE-2022-36796
Description
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=0.4.9
- CallRail, Inc./CallRail Phone Call Tracking (WordPress plugin)v5Range: <= 0.4.9
Patches
Vulnerability mechanics
References
2- patchstack.com/database/vulnerability/callrail-phone-call-tracking/wordpress-callrail-phone-call-tracking-plugin-0-4-9-cross-site-request-forgery-csrf-vulnerability-leading-to-stored-cross-site-scripting-xssmitrex_refsource_CONFIRM
- wordpress.org/plugins/callrail-phone-call-tracking/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.