wpvulndb | William Bastos - cHoR4o | WPVDB-ID: 8BDCDB5A-9026-4157-8592-345DF8FB1A17
History: Jun 05, 2024 - 12:00 a.m.

Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect

2024-06-05 00:00:00
William Bastos - cHoR4o
wpscan.com
contact form 7
unauthenticated
open redirect
browser
vulnerability
widget
javascript
url

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

Description: Contact Form 7 before 5.9.5 contains an open redirect. An unauthenticated attacker can craft the URL of a page that embeds a form (the PoC uses an encoded newline, %0a, followed by an arbitrary hostname) so that, when a visitor fills in and submits the form with JavaScript disabled, the browser is redirected to a site of the attacker's choosing rather than staying on the vulnerable site.

PoC

1. Add a form to a footer widget area
2. Disable JavaScript in the browser
3. Access the URL: https://example.com/%0a/google.com
4. Fill out the form and submit
5. The browser will be redirected to google.com
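As an added example (not part of the advisory and not Contact Form 7's own code), the Python below shows the general pattern behind a PoC URL of this shape, a hardened replacement, and a log search for such probes. It assumes the redirect target is derived from the request path and that a sanitiser strips control characters before the target is used; whether that is exactly the code path fixed in 5.9.5 is not stated in this entry. The function names `naive_redirect_target`, `safe_redirect_target` and `find_redirect_probes`, the `example.com` host and the access-log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed example; assumes a redirect target built from the request path.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
LEADING_SLASHES = re.compile(r"^[/\\]{2,}")


def naive_redirect_target(request_path: str) -> str:
    """Assumed vulnerable pattern: percent-decode, then strip control chars.
    '/%0a/google.com' decodes to '/\\n/google.com'; removing the newline leaves
    '//google.com', a protocol-relative URL that browsers send to another host."""
    decoded = unquote(request_path)
    return CONTROL_CHARS.sub("", decoded)


def safe_redirect_target(candidate: str, site_host: str, default: str = "/") -> str:
    """Hardened check: refuse anything that normalisation could turn into an
    off-site URL, then require the target to stay on site_host."""
    decoded = unquote(candidate)
    # CR, LF, NUL and friends have no place in a redirect target: reject, never strip.
    if CONTROL_CHARS.search(decoded):
        return default
    # Browsers treat '\' like '/' and skip repeated leading slashes, so
    # '/\evil' and '///evil' both resolve to host 'evil'.
    if "\\" in decoded or LEADING_SLASHES.match(decoded):
        return default
    parts = urlsplit(decoded)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return default
    # Compare the whole authority: 'example.com@evil' or an odd port also fails.
    if parts.netloc and parts.netloc.lower() != site_host.lower():
        return default
    if not parts.netloc and not decoded.startswith("/"):
        return default
    return decoded


# Constructed combined-format access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [05/Jun/2024:10:01:02 +0000] "GET /%0a/google.com HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [05/Jun/2024:10:01:09 +0000] "POST /%0a/google.com HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Jun/2024:10:02:00 +0000] "GET /contact/ HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.9 - - [05/Jun/2024:10:03:00 +0000] "GET /%0D/attacker.example HTTP/1.1" 200 5120 "-" "curl/8.0"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[0-9.]+"')


def find_redirect_probes(log_text: str) -> list[tuple[str, str]]:
    """Return (method, path) for requests whose path carries an encoded or raw
    CR/LF, the shape of the PoC URL above."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = m.group("path")
        if re.search(r"%0[aAdD]", path) or CONTROL_CHARS.search(unquote(path)):
            hits.append((m.group("method"), path))
    return hits


if __name__ == "__main__":
    print(naive_redirect_target("/%0a/google.com"))          # //google.com
    print(safe_redirect_target("/%0a/google.com", "example.com"))  # /
    for method, path in find_redirect_probes(SAMPLE_LOG):
        print("probe:", method, path)
```

The point of `safe_redirect_target` is the order of operations: any control character, backslash or doubled leading slash rejects the target outright before parsing, because stripping or normalising first is exactly what turns `/%0a/host` into `//host`. The log search is a coarse hunt query; a `302` answer to a request whose path carries `%0a` or `%0d` is the pair worth pulling for review.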

CPE | Name | Operator | Version
    |      | eq       | 5.9.5


Related for WPVDB-ID:8BDCDB5A-9026-4157-8592-345DF8FB1A17