4 matches found
CVE-2024-11349
CVE-2024-11349: The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to 5.1.6 due to improper verification before authenticating via sb_login_user_with_otp_fun(). This allows unauthenticated attackers to log in as arbitrary users, including administrators. CVSS v...
CVE-2024-11350
The CVE-2024-11350 issue affects the WordPress AdForest theme (versions up to and including 5.1.6). The root cause is improper identity validation in the adforest_reset_password() function, permitting unauthenticated attackers to change arbitrary user passwords (including administrators) and gain...
CVE-2024-12857
The CVE-2024-12857 entry concerns the AdForest WordPress theme (versions up to 5.1.8). The issue is an authentication bypass where the plugin does not properly verify a user’s identity before logging them in as that user, enabling unauthenticated attackers to authenticate as any user if OTP login...
CVE-2024-12855
CVE-2024-12855: The AdForest WordPress theme is vulnerable due to a missing capability check on multiple AJAX actions (e.g., sb_remove_ad) across versions up to 5.1.7, allowing authenticated users with Subscriber-level access and above to delete posts/attachments and deactivate a license. ...