cleantalk
Vulnerabilities and Security Researches

Call Now Button – The #1 Click to Call Button for WordPress, CVE-2022-1455

CVE, Research URL

CVE-2022-1455

Home page URL

Security reports for Call Now Button – The #1 Click to Call Button for WordPress

Application

Call Now Button – The #1 Click to Call Button for WordPress

Published on
May 16, 2022
Research Description
The Call Now Button WordPress plugin before 1.1.2 does not escape a parameter before outputting it back in an attribute of a hidden input, leading to a Reflected Cross-Site Scripting when the premium is enabled
Affected versions
max 1.1.2.
Status
vulnerable
Previous vulnerability researches
Call Now Button – The #1 Click to Call Button for WordPress (CVE-2025-11632) , Nov 11, 2025
Call Now Button – The #1 Click to Call Button for WordPress (CVE-2025-11587) , Nov 11, 2025
Call Now Button – The #1 Click to Call Button for WordPress , Jul 24, 2024
Call Now Button – The #1 Click to Call Button for WordPress (CVE-2025-24738) , Jan 25, 2025
Call Now Button – The #1 Click to Call Button for WordPress (CVE-2022-1455) , Jun 06, 2024
New vulnerability
JB News Ticker (CVE-2025-11804) , Nov 11, 2025
My auctions allegro (CVE-2025-10048) , Nov 11, 2025
Sertifier Certificates & Open Badges – Tutor LMS (CVE-2025-53214) , Nov 11, 2025
Toast Mobile Menu – PageSpeed Insights Friendly (CVE-2025-53238) , Nov 11, 2025
Stripe Payment forms for WordPress Plugin – WP Full Pay (CVE-2025-9322) , Nov 11, 2025