VulnCheck KEV: CVE-2024-11350

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforestresetpassword function. This makes it...

VulnCheck KEV: CVE-2024-11349

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sbloginuserwithotpfun function. This makes it possible for unauthenticat...

WordPress AdForest theme <= 6.0.12 - Authentication Bypass vulnerability

Authentication Bypass vulnerability discovered by Phat RiO - BlueRock in WordPress Theme AdForest versions = 6.0.12...

CVE-2026-1729

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sbloginuserwithotpfun' function. This makes it possible for...

Exploit for CVE-2026-1729

CVE-2026-1729 - AdForest WordPress Authentication Bypass PoC...

CVE-2026-1729

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sbloginuserwithotpfun' function. This makes it possible for...

CVE-2026-1729 AdForest <= 6.0.12 - Authentication Bypass

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sbloginuserwithotpfun' function. This makes it possible for...

CVE-2026-1729 AdForest <= 6.0.12 - Authentication Bypass

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sbloginuserwithotpfun' function. This makes it possible for...

CVE-2026-1729

CVE-2026-1729 concerns the AdForest WordPress theme. It describes an authentication bypass in the function sb_login_user_with_otp_fun, allowing unauthenticated attackers to log in as arbitrary users (including administrators) in all versions up to and including 6.0.12. The underlying cause is imp...

WordPress plugin AdForest 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-7806

Name of the Vulnerable Software and Affected Versions AdForest versions up to and including 6.0.12 Description The AdForest theme for WordPress is susceptible to authentication bypass. The issue stems from insufficient user identity verification before authentication via the sb login user with ot...

CVE-2025-67946

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through = 6.0.11...

CVE-2025-67947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through = 3.0.11...

CVE-2025-67947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through = 3.0.11...

CVE-2025-67946

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through = 6.0.11...

CVE-2025-67947 WordPress AdForest Elementor plugin <= 3.0.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through = 3.0.11...

CVE-2025-67947

CVE-2025-67947 affects AdForest Elementor (adforest-elementor) for WordPress, with an unauthenticated Reflected XSS due to improper input handling during web page generation. Affected version range:

CVE-2025-67947

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scriptsbundle AdForest Elementor adforest-elementor allows Reflected XSS.This issue affects AdForest Elementor: from n/a through = 3.0.11...

CVE-2025-67946

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through = 6.0.11...

CVE-2025-67946

CVE-2025-67946 affects the WordPress theme AdForest (AdForest: &lt;= 6.0.11). The issue is described as an improper control of the filename for include/require, leading to a Local File Inclusion (LFI) vulnerability (initial description mentions a PHP Remote File Inclusion context but the observab...