Hi @stapolin, we’re aware of the issue that’s been flagged and we’re working on releasing a patch as soon as possible.
One of my sites has got hacked so far and I got a notice from Google that malicious software was detected and the client’s Google Ads got disapproved. I have the plug-in installed on probably 15+ other sites as well.
CallRail has identified a vulnerability in our WordPress plugin, with a low classification of exploitability (1.6 on the CVSS scale). This vulnerability requires an admin user at your organization to take action (such as clicking a button on an attacker-controlled website) to execute. We are working as quickly as we can to get this issue resolved, and expect to have a fix published in the next week. In the meantime, you may continue to use your CallRail WordPress plugin, but we recommend being vigilant about the sites you visit and the links you click, specifically links sent to you from unexpected sources. Logging out of WordPress after performing administrative tasks will provide complete protection from the vulnerability. We apologize for any inconvenience.
@lauracallrail Thank you for the update.
Hi @stapolin, this is addressed in version 0.4.10. Please update as soon as you’re able to. Thank you!