4 matches found
CVE-2024-11349
The CVE-2024-11349 entry concerns the AdForest WordPress theme (≤5.1.6). The vulnerability is an authentication bypass caused by the plugin not properly verifying a user's identity before authenticating via sb_login_user_with_otp_fun(). As a result, unauthenticated attackers can log in as arbitra...
CVE-2024-11350
The CVE-2024-11350 entry concerns the WordPress AdForest theme (versions up to and including 5.1.6). Technical details from connected sources show a privilege escalation via account takeover: the plugin does not properly validate a user’s identity before updating passwords in adforest_reset_passw...
CVE-2024-12857
The CVE-2024-12857 entry concerns the AdForest WordPress theme (versions up to 5.1.8). The issue is an authentication bypass where the plugin does not properly verify a user’s identity before logging them in as that user, enabling unauthenticated attackers to authenticate as any user if OTP login...
CVE-2024-12855
CVE-2024-12855: AdForest WordPress theme (AdForest) is vulnerable due to a missing capability check on multiple AJAX actions (e.g., sb_remove_ad) across versions up to 5.1.7, allowing authenticated users with Subscriber-level access and above to delete posts/attachments and deactivate a license. ...