Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total6
Critical5
High0
Medium1
Reset
Showing 1-6 of 6 records
Threat Entry Updated 2026-04-15

CVE-2026-1729 - AdForest Plugin

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.

PLUGIN AdForest

CVE-2026-1729

CRITICAL CVSS 9.8 2026-02-12
Open Full Technical Breakdown
Threat Entry Updated 2025-09-08

CVE-2025-8359 - Adforest Theme

The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, including administrators, without access to a password.

THEME Adforest

CVE-2025-8359

CRITICAL CVSS 9.8 2025-09-06
Open Full Technical Breakdown
Threat Entry Updated 2025-01-24

CVE-2024-12857 - Adforest Plugin

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by phone number.

PLUGIN Adforest

CVE-2024-12857

CRITICAL CVSS 9.8 2025-01-22
Open Full Technical Breakdown
Threat Entry Updated 2025-08-12

CVE-2024-11350 - Adforest Plugin

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

PLUGIN Adforest

CVE-2024-11350

CRITICAL CVSS 9.8 2025-01-08
Open Full Technical Breakdown
Threat Entry Updated 2025-08-12

CVE-2024-12855 - Adforest Plugin

The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete posts, attachments and deactivate a license.

PLUGIN Adforest

CVE-2024-12855

MEDIUM CVSS 4.3 2025-01-08
Open Full Technical Breakdown
Threat Entry Updated 2025-08-12

CVE-2024-11349 - Adforest Plugin

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.

PLUGIN Adforest

CVE-2024-11349

CRITICAL CVSS 9.8 2024-12-21
Open Full Technical Breakdown
Scroll to top