| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-11587 | Call Now Button <= 1.5.3 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Settings Update | jgrietveld | Call Now Button – The #1 Click to Call Button for WordPress | Medium | 4.3 | 2025-10-29 12:31:52 | Deep Dive |
| CVE-2025-11632 | Call Now Button <= 1.5.4 - Authenticated (Subscriber+) Missing Authorization to Multiple Functions | jgrietveld | Call Now Button – The #1 Click to Call Button for WordPress | Medium | 4.3 | 2025-10-29 12:31:51 | Deep Dive |
| CVE-2025-24738 | WordPress Call Now Button plugin <= 1.4.13 - Cross Site Request Forgery (CSRF) vulnerability | Jerry Rietveld | Call Now Button | Medium | 4.3 | 2025-01-24 17:25:15 | Deep Dive |
| CVE-2024-2908 | Call Now Button < 1.4.7 - Admin+ Stored XSS | Unknown | Call Now Button | - | - | 2024-04-26 05:00:04 | Deep Dive |
| CVE-2023-2635 | Call Now Accessibility Button < 1.1 - Admin+ Stored XSS | Unknown | Call Now Accessibility Button | 中危 | - | 2023-07-10 12:41:08 | Deep Dive |
| CVE-2023-2028 | Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting | Unknown | Call Now Accessibility Button | 中危 | - | 2023-07-10 12:40:57 | Deep Dive |
| CVE-2023-28933 | WordPress Call Now Accessibility Button Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) | StPeteDesign | Call Now Accessibility Button | Medium | 5.9 | 2023-06-12 15:10:02 | Deep Dive |
| CVE-2022-1455 | Call Now Button < 1.1.2 - Reflected Cross-Site Scripting | Unknown | Call Now Button | 中危 | - | 2022-05-16 14:31:07 | Deep Dive |