CVE-2026-1215

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions WordPress plugin MMA Call Tracking versions prior to 2.3.16

Description The MMA Call Tracking plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is because of a lack of nonce validation when saving plugin configuration on the mma call tracking menu admin page. An attacker could potentially modify call tracking configuration settings by tricking a site administrator into performing an action, such as clicking a malicious link. The vulnerable setting is modified via a forged request.

Recommendations Update the MMA Call Tracking plugin to version 2.3.16 or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2026-1215

Affected Products

Mma Call Tracking

CVE-2026-1215

Weakness Enumeration

Related Identifiers

Affected Products

References · 8