cleantalk
Vulnerabilities and Security Researches

Call Now Button – The #1 Click to Call Button for WordPress, CVE-2025-24738

CVE, Research URL

CVE-2025-24738

Home page URL

Security reports for Call Now Button – The #1 Click to Call Button for WordPress

Application

Call Now Button – The #1 Click to Call Button for WordPress

Published on
Jan 24, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in NowButtons.com Call Now Button allows Cross Site Request Forgery. This issue affects Call Now Button: from n/a through 1.4.13.
Affected versions
max 1.4.14.
Status
vulnerable
Previous vulnerability researches
Call Now Button – The #1 Click to Call Button for WordPress (CVE-2025-11632) , Nov 11, 2025
Call Now Button – The #1 Click to Call Button for WordPress (CVE-2025-11587) , Nov 11, 2025
Call Now Button – The #1 Click to Call Button for WordPress , Jul 24, 2024
Call Now Button – The #1 Click to Call Button for WordPress (CVE-2025-24738) , Jan 25, 2025
Call Now Button – The #1 Click to Call Button for WordPress (CVE-2022-1455) , Jun 06, 2024
New vulnerability
JB News Ticker (CVE-2025-11804) , Nov 11, 2025
My auctions allegro (CVE-2025-10048) , Nov 11, 2025
Sertifier Certificates & Open Badges – Tutor LMS (CVE-2025-53214) , Nov 11, 2025
Toast Mobile Menu – PageSpeed Insights Friendly (CVE-2025-53238) , Nov 11, 2025
Stripe Payment forms for WordPress Plugin – WP Full Pay (CVE-2025-9322) , Nov 11, 2025