CVE-2024-3032: Themify Builder < 7.5.8 - Open Redirect

Description

Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue

Classification

CVE ID: CVE-2024-3032

Problem Types

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Affected Products

Vendor: Unknown

Product: Themify Builder

Nuclei Template

http/cves/2024/CVE-2024-3032.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.94% (probability of being exploited)

EPSS Percentile: 74.85% (scored less or equal to compared to others)

EPSS Date: 2025-04-15 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-3032
https://wpscan.com/vulnerability/d130a60c-c36b-4994-9b0e-e52cd7f99387/

Timeline

2025-03-17 18:40:10 UTC
CVE

Themify Builder < 7.5.8 - Open Redirect