| CVE-2026-4118 | Call To Action Plugin <= 3.1.3 - Cross-Site Request Forgery via Settings Update | tmarek | Call To Action Plugin | Medium | 4.3 | 2026-04-22 07:45:37 | Deep Dive |
| CVE-2026-32062 | OpenClaw 2026.2.21-2 < 2026.2.22 - Unauthenticated WebSocket Resource Exhaustion via Media Stream | openclaw | openclaw | High | 7.5 | 2026-03-11 13:32:36 | Deep Dive |
| CVE-2026-28465 | OpenClaw voice-call < 2026.2.3 - Webhook Verification Bypass via Forwarded Headers | OpenClaw | voice-call | Medium | 5.9 | 2026-03-05 21:59:42 | Deep Dive |
| CVE-2026-1215 | MMA Call Tracking <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update | messagemetric | MMA Call Tracking | Medium | 4.3 | 2026-02-11 08:26:26 | Deep Dive |
| CVE-2025-14428 | My Sticky Elements <= 2.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Bulk Lead Deletion | premio | All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs – My Sticky Elements | Medium | 4.3 | 2026-01-01 16:19:31 | Deep Dive |
| CVE-2025-2155 | Arbitrary File Upload in EchoCCS's Specto CM | Echo Call Center Services Trade and Industry Inc. | Specto CM | High | 8.8 | 2025-12-24 14:31:08 | Deep Dive |
| CVE-2025-2154 | Stored XSS in EchoCCS's Specto CM | Echo Call Center Services Trade and Industry Inc. | Specto CM | Medium | 5.4 | 2025-12-24 14:26:48 | Deep Dive |
| CVE-2025-11587 | Call Now Button <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Settings Update | jgrietveld | Call Now Button – The #1 Click to Call Button for WordPress | Medium | 4.3 | 2025-10-29 12:31:52 | Deep Dive |
| CVE-2025-11632 | Call Now Button <= 1.5.4 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions | jgrietveld | Call Now Button – The #1 Click to Call Button for WordPress | Medium | 4.3 | 2025-10-29 12:31:51 | Deep Dive |
| CVE-2025-50024 | WordPress ATP Call Now plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability | Truong Thanh | ATP Call Now | Medium | 5.9 | 2025-06-20 15:03:57 | Deep Dive |
| CVE-2025-1041 | Avaya Call Management System RCE vulnerability | Avaya | Avaya Call Management System | Critical | 9.9 | 2025-06-10 06:05:26 | Deep Dive |
| CVE-2025-47529 | WordPress Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin <= 1.1.1 - Settings Change Vulnerability | UX Design Experts | Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin | Medium | 6.5 | 2025-05-23 12:43:33 | Deep Dive |
| CVE-2025-46492 | WordPress Call Now PHT Blog plugin <= 2.4.1 - CSRF to XSS vulnerability | Pham Thanh | Call Now PHT Blog | High | 7.1 | 2025-04-24 16:08:51 | Deep Dive |
| CVE-2025-32483 | WordPress Request Call Back plugin <= 1.4.1 - Cross Site Scripting (XSS) Vulnerability | Scott Salisbury | Request Call Back | Medium | 5.9 | 2025-04-09 16:09:53 | Deep Dive |
| CVE-2025-32616 | WordPress Nimbata Call Tracking plugin <= 1.8.0 - Cross Site Request Forgery (CSRF) vulnerability | nimbata | Nimbata Call Tracking | High | 7.1 | 2025-04-09 16:09:28 | Deep Dive |
| CVE-2025-2916 | Aishida Call Center System amr2mp3 command injection | Aishida | Call Center System | Medium | 6.3 | 2025-03-28 17:00:11 | Deep Dive |
| CVE-2025-1450 | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty <= 3.3.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting | premio | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | Medium | 6.4 | 2025-02-27 09:21:49 | Deep Dive |
| CVE-2025-0822 | Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 6.5 | 2025-02-15 12:43:03 | Deep Dive |
| CVE-2025-23742 | WordPress Podamibe Twilio Private Call plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability | Podamibe Nepal | Podamibe Twilio Private Call | High | 7.1 | 2025-02-14 12:44:31 | Deep Dive |
| CVE-2025-0821 | Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter | bitpressadmin | Chat Widget: Floating Customer Support Button for 30+ Channels, Supporting SMS, Calls, and Chat – Bit Assist | Medium | 6.5 | 2025-02-14 11:10:58 | Deep Dive |