VYPR

AdForest

by AdForest

CVEs (7)

  • CVE-2026-1729CriFeb 12, 2026
    risk 0.64cvss 9.8epss 0.01

    The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the 'sb_login_user_with_otp_fun' function. This makes it…

  • CVE-2025-8359CriSep 6, 2025
    risk 0.64cvss 9.8epss 0.00

    The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as…

  • CVE-2025-67946HigJan 22, 2026
    risk 0.53cvss 8.1epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scriptsbundle AdForest adforest allows PHP Local File Inclusion.This issue affects AdForest: from n/a through <= 6.0.11.

  • CVE-2025-61116HigOct 30, 2025
    risk 0.49cvss 7.5epss 0.00

    AdForest - Classified Android App version 4.0.12 (package name scriptsbundle.adforest), developed by Muhammad Jawad Arshad, contains an improper access control vulnerability in its authentication mechanism. The app uses a Base64-encoded email address as the authorization…

  • CVE-2025-67569MedDec 9, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in scriptsbundle AdForest adforest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AdForest: from n/a through <= 6.0.11.

  • CVE-2024-12857Jan 22, 2025
    risk 0.00cvss epss 0.01

    The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to…

  • CVE-2024-11350Jan 8, 2025
    risk 0.00cvss epss 0.01

    The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password()…