cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12857,https://securityvulnerability.io/vulnerability/CVE-2024-12857,Authentication Bypass in AdForest Theme - WordPress,"The AdForest theme for WordPress has a vulnerability that allows unauthorized users to bypass authentication mechanisms. This flaw affects all versions up to and including 5.1.8. The vulnerability arises from inadequate verification processes, leading to scenarios where an attacker could log in as any user with OTP login configuration via phone number. Without proper identity verification, the integrity of user accounts is at risk.",Wordpress,Adforest,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,false,false,false,2025-01-22T07:03:52.415Z,239
CVE-2024-12855,https://securityvulnerability.io/vulnerability/CVE-2024-12855,Unauthorized Data Modification in AdForest WordPress Theme,"The AdForest theme for WordPress has a security vulnerability that stems from a missing capability check on several AJAX actions, including 'sb_remove_ad'. This issue affects all versions up to and including 5.1.7, allowing authenticated attackers with Subscriber-level access or above to delete posts, attachments, or deactivate licenses without appropriate permissions. It's crucial for users to update their theme to mitigate potential risks.",Wordpress,Adforest,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,false,false,false,2025-01-08T08:18:17.853Z,0
CVE-2024-11350,https://securityvulnerability.io/vulnerability/CVE-2024-11350,Privilege Escalation Vulnerability in AdForest Theme for WordPress,"The AdForest theme for WordPress contains a security flaw allowing privilege escalation through account takeover. This vulnerability exists in all versions up to 5.1.6 due to inadequate validation of user identity during the password update process in the adforest_reset_password() function. As a result, unauthenticated attackers can manipulate the password of any user, including administrators, thus gaining unauthorized access to their accounts. To mitigate this significant security issue, it is vital for users to upgrade to the latest version of the theme and implement security best practices.",Wordpress,Adforest,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,false,false,false,2025-01-08T08:18:16.723Z,0
CVE-2024-11349,https://securityvulnerability.io/vulnerability/CVE-2024-11349,Authentication Bypass Vulnerability in AdForest Theme for WordPress,"CVE-2024-11349 identifies a critical security vulnerability in the AdForest theme for WordPress, allowing unauthenticated attackers to bypass authentication mechanisms. This flaw exists in all versions up to and including 5.1.6, stemming from insufficient user identity verification during the login process handled by the sb_login_user_with_otp_fun() function. Attackers can exploit this vulnerability to gain unauthorized access to arbitrary user accounts, including those of administrators, potentially compromising sensitive site data and user privacy.",Wordpress,Adforest,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,false,false,2024-12-21T04:22:17.791Z,0