CVE-2026-1729
Authentication Bypass in AdForest WordPress Theme Allows Admin Access
Publication date: 2026-02-12
Last updated on: 2026-02-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adforest | theme | to 6.0.12 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The AdForest theme for WordPress has a vulnerability that allows attackers to bypass authentication. This happens because the theme does not properly verify a user's identity before authenticating them through the 'sb_login_user_with_otp_fun' function. As a result, unauthenticated attackers can log in as any user, including administrators.
How can this vulnerability impact me? :
This vulnerability can have severe impacts because it allows attackers to gain unauthorized access to user accounts, including those with administrative privileges. This can lead to full control over the affected WordPress site, enabling attackers to modify content, steal sensitive information, or disrupt site operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know