Approved changes feed: RSS · Atom
cpe:2.3:a:scriptsbundle:adforest:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Scriptsbundle (13e7198d-c563-51dc-8fdd-759b0d423f28) |
|---|---|
| Product | Adforest (874d5d24-9f76-56dd-8ad9-74c8b971a992) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/scriptsbundle/adforest---classified-ads-wordpress-theme---changelogs |
purl2cpe | 2026-06-01 10:17:49.280323 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-12857 |
vulnerable | 2026-06-08 06:25:36.234328 |
AdForest <= 5.1.8 - Authentication Bypass
CRITICAL (9.8)
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by phone number.
Published: 2025-01-22T07:03:52.415Z
Updated: 2026-04-08T16:52:11.854Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-12855 |
vulnerable | 2026-06-08 06:25:36.217083 |
AdForest - Classified Ads WordPress Theme <= 5.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post/Attachment Deletion
MEDIUM (4.3)
The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete posts, attachments and deactivate a license.
Published: 2025-01-08T08:18:17.853Z
Updated: 2026-04-08T17:27:36.169Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11350 |
vulnerable | 2026-06-08 06:23:49.482174 |
AdForest <= 5.1.6 - Privilege Escalation via Password Reset/Account Takeover
CRITICAL (9.8)
The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
Published: 2025-01-08T08:18:16.723Z
Updated: 2026-04-08T16:51:50.893Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-11349 |
vulnerable | 2026-06-08 06:23:49.481746 |
AdForest <= 5.1.6 - Authentication Bypass
CRITICAL (9.8)
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.
Published: 2024-12-21T04:22:17.791Z
Updated: 2026-04-08T17:32:53.748Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.