CVE-2024-2242
The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
We have discovered 1,350,975 live websites that are affected by CVE-2024-2242.
Affected Software
| Product |  Contact Form 7 |
| Category | Form Builders |
| Vulnerable Domains | 1,350,975 live websites (38% of Contact Form 7 install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 103 versions ( 80% of all versions) |
Details
- Published - Mar 13, 2024
- Updated - Aug 1, 2024
Credits
- Asaf Mozes (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2024-2242 United States | 253,855 websites |
 Japan | 134,279 websites |
 Germany | 131,512 websites |
 France | 87,649 websites |
 Italy | 78,425 websites |
 Russia | 64,255 websites |
 GB | 53,559 websites |
 Poland | 42,483 websites |
 Spain | 42,252 websites |
 Netherlands | 40,147 websites |
Website Distribution by TLD
Number of websites using CVE-2024-2242| .com | 518,006 websites |
| .de | 73,258 websites |
| .it | 54,575 websites |
| .ru | 51,984 websites |
| .org | 42,191 websites |
| .fr | 35,939 websites |
| .nl | 35,253 websites |
| .co.uk | 35,016 websites |
| .net | 34,145 websites |
| .pl | 32,172 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-2242
Top websites that are affected by CVE-2024-2242. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.br |  Brazil | *** | |
| ********.com |  Singapore | *,*** | |
| ************.com | United States | *,*** | |
| *******.org | United States | *,*** | |
| *********.com | United States | *,*** | |
| ***************.com | United States | *,*** | |
| *********.com | United States | *,*** | |
| *****.****.br | Brazil | *,*** | |
| *********.com | United States | *,*** | |
| ********.****.br | Brazil | *,*** |
FAQ
A total of 1,350,975 websites have been identified as vulnerable to CVE-2024-2242, based on global website indexing conducted by WebTechSurvey.
The Contact Form 7 is affected by the CVE-2024-2242 vulnerability.
Contact Form 7 versions up to and including 5.9 are vulnerable to CVE-2024-2242.