Lucene search
K

4 matches found

CVE
CVE
added 2024/12/21 4:22 a.m.83 views

CVE-2024-11349

The CVE-2024-11349 entry concerns the AdForest WordPress theme (≤5.1.6). The vulnerability is an authentication bypass caused by the plugin not properly verifying a user's identity before authenticating via sb_login_user_with_otp_fun(). As a result, unauthenticated attackers can log in as arbitra...

9.8CVSS9.6AI score0.01205EPSS
In wild
CVE
CVE
added 2025/01/08 8:18 a.m.62 views

CVE-2024-11350

The CVE-2024-11350 entry concerns the WordPress AdForest theme (versions up to and including 5.1.6). Technical details from connected sources show a privilege escalation via account takeover: the plugin does not properly validate a user’s identity before updating passwords in adforest_reset_passw...

9.8CVSS9.8AI score0.00672EPSS
In wild
CVE
CVE
added 2025/01/22 7:3 a.m.61 views

CVE-2024-12857

The CVE-2024-12857 entry concerns the AdForest WordPress theme (versions up to 5.1.8). The issue is an authentication bypass where the plugin does not properly verify a user’s identity before logging them in as that user, enabling unauthenticated attackers to authenticate as any user if OTP login...

9.8CVSS9.6AI score0.00719EPSS
CVE
CVE
added 2025/01/08 8:18 a.m.51 views

CVE-2024-12855

CVE-2024-12855: AdForest WordPress theme (AdForest) is vulnerable due to a missing capability check on multiple AJAX actions (e.g., sb_remove_ad) across versions up to 5.1.7, allowing authenticated users with Subscriber-level access and above to delete posts/attachments and deactivate a license. ...

5.4CVSS4.4AI score0.00263EPSS