- Description: The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by phone number.
- Source: security@wordfence.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Hype score: Not currently trending
🚨 Critical vulnerability (CVE-2024-12857) in AdForest theme allows full account takeover! All versions up to 5.1.8 are affected. Update to 5.1.9 to safeguard sites! #AdForest #WordPress #USA link: https://t.co/kMUrBWd5kd https://t.co/t7zfkqrp1H
@TweetThreatNews
22 Jan 2025
CVE-2024-12857 The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying … https://t.co/DRiS2ImRaO
@CVEnew
22 Jan 2025
CVE-2024-12857: Critical Flaw in AdForest Theme Allows Complete Account Takeover, Thousands of Sites at Risk https://t.co/BfeUgxESgO
@Dinosn
22 Jan 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:scriptsbundle:adforest:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84F07AB5-D52E-4214-BB56-E64AEDF3E2DB",
            "versionEndExcluding": "5.1.9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]