PT-2026-7806 · WordPress · Adforest
Phat Rio · Published 2026-02-12 · Updated 2026-02-23 · CVE-2026-1729
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
AdForest versions up to and including 6.0.12
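To inventory installs against the affected range above, the following added example (not part of the original advisory or the theme's code) reads each theme's style.css header under the standard wp-content/themes directory and compares versions numerically. It assumes the theme names itself "AdForest" in its Theme Name header; the function names are hypothetical.

```python
import re
import sys
from pathlib import Path

LAST_AFFECTED = (6, 0, 12)  # advisory: versions up to and including 6.0.12

def theme_header(css_text):
    """Parse 'Key: value' fields from the leading comment of a theme's style.css."""
    header = css_text.split("*/", 1)[0]
    fields = {}
    for line in header.splitlines():
        m = re.match(r"[\s/*]*([A-Za-z][A-Za-z ]*?)\s*:\s*(\S.*?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields

def version_tuple(text):
    """'6.0.9' -> (6, 0, 9); numeric compare, so 6.0.9 sorts below 6.0.12."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(css_text):
    """Return 'not-adforest', 'child-theme', 'affected', 'not-affected' or 'unknown'."""
    fields = theme_header(css_text)
    # Assumption: the theme identifies itself as "AdForest" in Theme Name.
    if "adforest" not in fields.get("theme name", "").lower():
        return "not-adforest"
    # A child theme carries its own version; the parent directory is scanned separately.
    if "template" in fields:
        return "child-theme"
    version = version_tuple(fields.get("version"))
    if version is None:
        return "unknown"  # header present but no usable version: review by hand
    return "affected" if version <= LAST_AFFECTED else "not-affected"

def scan(wp_root):
    """Yield (style.css path, status) for each theme under wp-content/themes."""
    for css in sorted(Path(wp_root).glob("wp-content/themes/*/style.css")):
        yield css, classify(css.read_text(encoding="utf-8", errors="replace"))

if __name__ == "__main__":
    for path, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        if status != "not-adforest":
            print(f"{status:13} {path}")
```

Run it with the WordPress root as the only argument; "unknown" and "child-theme" rows need a manual look at the parent theme's version.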
Description
The AdForest theme for WordPress is susceptible to authentication bypass. The issue stems from insufficient user identity verification before authentication via the sb_login_user_with_otp_fun function. This allows unauthenticated attackers to log in as any user, including administrators.
Recommendations
Versions prior to and including 6.0.12 should be updated when a patch becomes available. As a temporary workaround, consider restricting access to the sb_login_user_with_otp_fun function until a patch is available.
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Adforest