wpexploit | William Bastos - cHoR4o | WPEX-ID:8BDCDB5A-9026-4157-8592-345DF8FB1A17
History: Jun 05, 2024 - 12:00 a.m.

Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect

Tags: contact form, footer widget, disable javascript, open redirect, exploit

AI Score: 6.6 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Description

The plugin has an open redirect that lets an attacker use a deceptive URL on the affected site to redirect the visitor to a URL of the attacker's choosing.

1. Add a form to a footer widget area
2. Disable JavaScript
3. Access the URL: `https://example.com/%0a/google.com`
4. Fill out the form and submit
5. The browser will be redirected to `google.com`
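
For defenders, a log check for requests shaped like the URL in step 3, added here as an example and not part of the original advisory or the plugin's code. It generalizes beyond `%0a` to any first path segment made up only of encoded control characters or spaces; the combined-log-format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log line: "METHOD PATH PROTOCOL" STATUS
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Host-like path segment: dot-separated labels ending in an alphabetic TLD
HOSTLIKE_RE = re.compile(r'^(?:[a-z0-9-]+\.)+[a-z]{2,}$', re.IGNORECASE)

def suspicious_redirect_path(raw_path):
    """Return the host-like segment if the path looks like /<control chars>/<host>, else None."""
    segments = raw_path.split('?', 1)[0].split('/')
    # For "/%0a/google.com" this is ['', '%0a', 'google.com']
    if len(segments) < 3 or segments[0] != '':
        return None
    first = unquote(segments[1])
    # The first segment must decode to control characters or spaces only
    if not first or any(ord(c) > 0x20 for c in first):
        return None
    host = unquote(segments[2])
    return host if HOSTLIKE_RE.match(host) else None

def scan(lines):
    """Return (method, path, status, host) for every log line with a suspicious path."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        host = suspicious_redirect_path(m['path'])
        if host:
            hits.append((m['method'], m['path'], int(m['status']), host))
    return hits

# Constructed sample log lines (addresses, timestamps and status codes are illustrative)
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Jun/2024:10:00:01 +0000] "GET /%0a/google.com HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Jun/2024:10:00:09 +0000] "POST /%0a/google.com HTTP/1.1" 302 0',
    '198.51.100.4 - - [05/Jun/2024:10:01:00 +0000] "GET /contact/ HTTP/1.1" 200 4096',
    '198.51.100.9 - - [05/Jun/2024:10:02:00 +0000] "POST /%0D%0A/evil.example?x=1 HTTP/1.1" 302 0',
    '198.51.100.4 - - [05/Jun/2024:10:03:00 +0000] "GET /blog/example.com HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for method, path, status, host in scan(SAMPLE_LOG):
        print(f"{method} {path} -> status {status}, host-like segment: {host}")
```
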
