GCVE - cpe:2.3:a:scriptsbundle:adforest:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:scriptsbundle:adforest:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Scriptsbundle (`13e7198d-c563-51dc-8fdd-759b0d423f28`)
Product	Adforest (`874d5d24-9f76-56dd-8ad9-74c8b971a992`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/scriptsbundle/adforest---classified-ads-wordpress-theme---changelogs`	purl2cpe	2026-06-01 10:17:49.280321

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-1729`	vulnerable	2026-06-08 07:49:09.489860	AdForest <= 6.0.12 - Authentication Bypass CRITICAL (9.8) The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators. Published: 2026-02-12T01:23:42.939Z Updated: 2026-04-08T16:45:51.879Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/34fd42cb-3868-4b1c-bc56-575faf01e8f3?source=cve https://themeforest.net/item/adforest-classified-wordpress-theme/19481695	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-8359`	vulnerable	2026-06-08 07:45:20.042220	AdForest <= 6.0.9 - Authentication Bypass to Admin CRITICAL (9.8) The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, including administrators, without access to a password. Published: 2025-09-06T02:24:18.546Z Updated: 2026-04-08T17:19:38.437Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/c080df50-1113-484b-80ed-09515982c585?source=cve https://themeforest.net/item/adforest-classified-wordpress-theme/19481695	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67946`	vulnerable	2026-06-08 07:41:20.637895	WordPress AdForest theme <= 6.0.11 - Local File Inclusion vulnerability HIGH (8.1) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through <= 6.0.11. Published: 2026-01-22T16:51:54.507Z Updated: 2026-04-28T19:27:42.343Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Theme/adforest/vulnerability/wordpress-adforest-theme-6-0-11-local-file-inclusion-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-67569`	vulnerable	2026-06-08 07:41:20.012329	WordPress AdForest theme <= 6.0.11 - Broken Access Control vulnerability MEDIUM (5.3) Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdForest: from n/a through <= 6.0.11. Published: 2025-12-09T14:14:12.523Z Updated: 2026-04-28T19:23:31.123Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Theme/adforest/vulnerability/wordpress-adforest-theme-6-0-11-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12857`	vulnerable	2026-06-08 06:25:36.234173	AdForest <= 5.1.8 - Authentication Bypass CRITICAL (9.8) The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by phone number. Published: 2025-01-22T07:03:52.415Z Updated: 2026-04-08T16:52:11.854Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/4ff3b4f1-dd36-43d0-b472-55a940907437?source=cve https://themeforest.net/item/adforest-classified-wordpress-theme/19481695	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12855`	vulnerable	2026-06-08 06:25:36.215761	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11350`	vulnerable	2026-06-08 06:23:49.482126	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-11349`	vulnerable	2026-06-08 06:23:49.480366	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.