CVE-2024-11350

Critical CVSS: 9.8

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Vendor

Scriptsbundle

Product

Adforest

CWE

CWE-640

Yayın Tarihi

2025-01-08 09:15:06

Güncelleme

2025-08-12 16:07:54

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-640 Adforest CRITICAL Scriptsbundle 2025

Referanslar

https://themeforest.net/item/adforest-classified-wordpress-theme/19481695 https://www.wordfence.com/threat-intel/vulnerabilities/id/4ebb766a-44e9-460c-be84-356b7403e593?source=cve

Benzer Kayıtlar

Medium

CVE-2025-0169

The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up…

Critical

CVE-2024-12857

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. Thi…

Medium

CVE-2024-12855

The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…