WordPress Plugin Vulnerabilities

Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect

Description

The plugin has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.

Proof of Concept

Affects Plugins

Plugin icon
contact-form-7
Fixed in 5.9.5

References

CVE
CVE-2024-4704

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
William Bastos - cHoR4o
Submitter
William Bastos - cHoR4o
Verified
Yes
WPVDB ID
8bdcdb5a-9026-4157-8592-345df8fb1a17

Timeline

Publicly Published
2024-06-05 (about 1 year ago)
Added
2024-06-05 (about 1 year ago)
Last Updated
2024-06-05 (about 1 year ago)

Other

Published
Title
Published
2025-04-07
Title
Advanced Advertising System <= 1.3.1 - Open Redirect
Published
2025-08-14
Title
elink <= 1.1.0 - Contributor+ Arbitrary Redirect
Published
2025-02-23
Title
WPO365 | MICROSOFT 365 GRAPH MAILER < 3.3 - Open Redirect via 'redirect_to' Parameter
Published
2025-07-30
Title
Connector for Gravity Forms and Google Sheets < 1.2.5 - Open Redirect
Published
2019-10-21
Title
Bridge Theme < 18.2.1 - Open Redirect