Scriptsbundle Adforest vulnerabilities
8 known vulnerabilities affecting scriptsbundle/adforest.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 2
Severity breakdown: CRITICAL 5, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2024-11350 | P1 | CRITICAL | CVSS 9.8 | Exploited | fixed in 5.1.7 | ≤ 5.1.6 | 2025-01-08 | CWE-640
The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change
nvd
CVE-2024-11349 | P1 | CRITICAL | CVSS 9.8 | Exploited | fixed in 5.1.7 | ≤ 5.1.6 | 2024-12-21 | CWE-288
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, in
nvd
CVE-2026-1729 | P2 | CRITICAL | CVSS 9.8 | ≤ 6.0.12 | 2026-02-12 | CWE-306
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it possible for unauthenticated attackers to log in as arbitrary users, inc
nvd
CVE-2025-8359 | P2 | CRITICAL | CVSS 9.8 | ≤ 6.0.9 | 2025-09-06 | CWE-288
The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, including administrators, without access to a password.
nvd
CVE-2024-12857 | P2 | CRITICAL | CVSS 9.8 | fixed in 5.1.9 | ≤ 5.1.8 | 2025-01-22 | CWE-288
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by
nvd
CVE-2025-67946 | P3 | HIGH | CVSS 8.1 | ≤ 6.0.11 | 2026-01-22 | CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion. This issue affects AdForest: from n/a through <= 6.0.11.
nvd
CVE-2025-67569 | P4 | MEDIUM | CVSS 5.3 | ≤ 6.0.11 | 2025-12-09 | CWE-862
Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AdForest: from n/a through <= 6.0.11.
nvd
CVE-2024-12855 | P4 | MEDIUM | CVSS 5.4 | fixed in 5.1.8 | ≤ 5.1.7 | 2025-01-08 | CWE-862
The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete posts, attachments and deactivate a licens
nvd