Critical severity9.8NVD Advisory· Published Feb 12, 2026· Updated Apr 15, 2026
CVE-2026-1729
CVE-2026-1729
Description
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.
Affected products
2Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.