Cross-Site Request Forgery Vulnerability in Call me Now Plugin by Tussendoor
CVE-2025-23745

7.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 16 January 2025

Summary

The Call me Now plugin developed by Tussendoor is vulnerable to Cross-Site Request Forgery (CSRF). By exploiting this flaw, a malicious actor can trigger unauthorized actions on behalf of an authenticated user, ultimately leading to Stored Cross-Site Scripting (XSS). The flaw puts the integrity and confidentiality of user data at risk and can undermine trust in applications that rely on the plugin. Users should apply the necessary updates and security measures to mitigate these risks.

Affected Version(s)

Call me Now <= 1.0.5

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SOPROBRO (Patchstack Alliance)