CVE-2024-4704
Contact Form 7 < 5.9.5 - Unauthenticated Open RedirectThe Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.
We have discovered 1,408,504 live websites that are affected by CVE-2024-4704.
Affected Software
| Product |  Contact Form 7 |
| Category | Form Builders |
| Vulnerable Domains | 1,408,504 live websites (39% of Contact Form 7 install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 106 versions ( 83% of all versions) |
Common Weakness Enumeration
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')Details
- Published - Jun 27, 2024
- Updated - Aug 1, 2024
Credits
- William Bastos - cHoR4o (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-4704 United States | 264,883 websites |
 Japan | 138,451 websites |
 Germany | 137,792 websites |
 France | 90,959 websites |
 Italy | 81,465 websites |
 Russia | 66,244 websites |
 GB | 56,059 websites |
 Poland | 44,195 websites |
 Spain | 44,164 websites |
 Netherlands | 43,040 websites |
Website Distribution by TLD
Number of websites using CVE-2024-4704| .com | 539,619 websites |
| .de | 76,889 websites |
| .it | 56,800 websites |
| .ru | 53,639 websites |
| .org | 44,044 websites |
| .nl | 37,847 websites |
| .fr | 37,261 websites |
| .co.uk | 36,583 websites |
| .net | 35,399 websites |
| .pl | 33,415 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-4704
Top websites that are affected by CVE-2024-4704. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.br |  Brazil | *** | |
| ********.com |  Singapore | *,*** | |
| ************.com | United States | *,*** | |
| *******.org | United States | *,*** | |
| *********.com | United States | *,*** | |
| ***************.com | United States | *,*** | |
| *********.com | United States | *,*** | |
| ***********.org | United States | *,*** | |
| *****.****.br | Brazil | *,*** | |
| *********.com | United States | *,*** |
FAQ
CVE-2024-4704 is URL Redirection to Untrusted Site ('Open Redirect') in Contact Form 7
A total of 1,408,504 websites have been identified as vulnerable to CVE-2024-4704, based on global website indexing conducted by WebTechSurvey.
The Contact Form 7 is affected by the CVE-2024-4704 vulnerability.
Contact Form 7 versions up to 5.9.5 are vulnerable to CVE-2024-4704.
CVE-2024-4704 is resolved in version 5.9.5 of Contact Form 7.