CRITICAL🇵🇱 Wersja polska

CVE-2024-12857

CVSS 9.8v3.1pub. 2025-01-22upd. 2025-01-24

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by phone number.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Scriptsbundle Adforest

    APP
    Scriptsbundle
    < 5.1.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-11350CRITICAL9.8PL ✓ten sam produkt

AdForest dla WordPress — przejęcie konta i privilege escalation bez uwierzytelnienia

CVE-2024-11349CRITICAL9.8PL ✓ten sam produkt

Podatność authentication bypass w motywie AdForest dla WordPress (≤ 5.1.6)

CVE-2024-12855MEDIUM4.3ten sam produkt

The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capabilit...

CVE-2025-0169MEDIUM6.4ten sam vendor

The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in v...

CVE-2019-15870MEDIUM5.4ten sam vendor

The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field.