CVE-2024-12855

Medium CVSS: 4.3

The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete posts, attachments and deactivate a license.

Vendor

Scriptsbundle

Product

Adforest

CWE

CWE-862

Yayın Tarihi

2025-01-08 09:15:06

Güncelleme

2025-08-12 16:05:56

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Adforest MEDIUM Scriptsbundle 2025

Referanslar

https://themeforest.net/item/adforest-classified-wordpress-theme/19481695 https://www.wordfence.com/threat-intel/vulnerabilities/id/db7f5553-758b-47ab-8319-a549b73f4cfa?source=cve

Benzer Kayıtlar

Medium

CVE-2025-0169

The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up…

Critical

CVE-2024-12857

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. Thi…

Critical

CVE-2024-11350

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and i…