The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
The vulnerability results from the lack of proper user identity verification in the adforest_reset_password() function before updating their password. An attacker without any authentication can call this function and set a new password for a selected account, including the administrator account. After changing the password, the attacker logs in to the compromised account, gaining full access to its privileges (CWE-640: weak password recovery mechanism).
An attacker can gain full control over any WordPress account — including the administrator account — which allows for content modification, installation of malicious plugins, data leakage, and compromise of the entire website.
The AdForest theme should be updated to a version higher than 5.1.6. Patches available from the vendor should be applied according to references. Until updating, it is recommended to monitor authentication logs for suspicious password changes.
The AdForest theme (Scriptsbundle) for WordPress in all versions up to and including 5.1.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HScriptsbundle Adforest
APPScriptsbundle< 5.1.7
Related vulnerabilities
AdForest WordPress Theme — Authentication Bypass przez OTP (do v5.1.8)
Podatność authentication bypass w motywie AdForest dla WordPress (≤ 5.1.6)
The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capabilit...
The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in v...
The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field.