Platform: wordpress
Component: adforest
Fixed in: 6.0.13
CVE-2026-1729 describes an authentication bypass vulnerability affecting the AdForest Classified WordPress Theme. An attacker can exploit this flaw to gain unauthorized access to user accounts, potentially including administrator privileges. This vulnerability impacts versions 0.0.0 through 6.0.12 of the theme. A patch is available in version 6.0.13.
Successful exploitation of CVE-2026-1729 allows an attacker to bypass authentication entirely: they can log in as any user of a site running the AdForest theme without that user's credentials. The most severe impact is administrator access, which grants complete control over the WordPress site. An attacker could then modify content, install malicious plugins, steal sensitive data (user information, and financial details if stored), or deface the website. The blast radius extends to all users of the affected WordPress site, particularly those with administrative privileges.
CVE-2026-1729 was publicly disclosed on 2026-02-12. No public proof-of-concept (PoC) code has been released at the time of writing, but the ease of exploitation (authentication bypass) suggests a high probability of exploitation if a PoC is developed. The vulnerability is not currently listed in the CISA KEV catalog. Given the critical severity and the potential for widespread impact, organizations using the AdForest theme should prioritize remediation.
Exploit Status
EPSS: 0.12% (31st percentile)
The primary mitigation for CVE-2026-1729 is to immediately upgrade the AdForest Classified WordPress Theme to version 6.0.13 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily restricting access to sensitive areas of the WordPress site. While not a complete solution, implementing multi-factor authentication (MFA) can add an extra layer of security, making it more difficult for attackers to exploit the vulnerability even if they gain access to a user account. After upgrading, verify the fix by attempting to log in without valid credentials; the login should be rejected.
Update to version 6.0.13, or a newer patched version
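To find installs that still need this upgrade, the following added example (not part of the original advisory and not the theme's own code) reads the `Version` field from each theme's `style.css` header and compares it with the fixed release 6.0.13. It assumes the theme directory name or its `Theme Name` header contains `adforest`; the directory tree it scans is constructed sample data.

```python
import re
import tempfile
from pathlib import Path

FIXED = (6, 0, 13)       # "Fixed in" version stated by this advisory
THEME_SLUG = "adforest"  # assumption: directory or Theme Name contains the component id

def parse_header(css_text):
    """Collect 'Key: value' fields from the comment header at the top of style.css."""
    fields = {}
    for line in css_text[:8192].splitlines():
        m = re.match(r"^[\s*/#@]*([A-Za-z ]+?)\s*:\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields

def version_tuple(text):
    """'6.0.12' -> (6, 0, 12); None when the text has no numeric version."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def audit(root):
    """Yield (theme_dir, version, status) for each AdForest parent theme under root."""
    for css in sorted(Path(root).glob("**/wp-content/themes/*/style.css")):
        fields = parse_header(css.read_text(encoding="utf-8", errors="replace"))
        ident = (css.parent.name + " " + fields.get("theme name", "")).lower()
        if "template" in fields or THEME_SLUG not in ident:
            continue  # skip child themes (they carry their own version) and other themes
        ver = version_tuple(fields.get("version", ""))
        status = "unknown" if ver is None else "vulnerable" if ver < FIXED else "patched"
        yield (css.parent.name, fields.get("version"), status)

def demo():  # constructed sample tree, not real sites
    samples = {
        "site-a/wp-content/themes/adforest": "Theme Name: AdForest\nVersion: 6.0.12",
        "site-b/wp-content/themes/adforest": " * Theme Name: AdForest\n * Version: 6.0.13",
        "site-b/wp-content/themes/adforest-child": "Theme Name: AdForest Child\nTemplate: adforest\nVersion: 1.0",
        "site-c/wp-content/themes/classifieds": "Theme Name: AdForest",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, header in samples.items():
            css = Path(tmp, rel, "style.css")
            css.parent.mkdir(parents=True)
            css.write_text("/*\n" + header + "\n*/", encoding="utf-8")
        return list(audit(tmp))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

An `unknown` result means the header carried no version and the install needs a manual check; a `patched` result confirms only the installed version, not that the site was untouched before the upgrade.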
CVE-2026-1729 is a critical vulnerability in the AdForest WordPress theme allowing attackers to bypass authentication and log in as any user, including administrators, affecting versions 0.0.0–6.0.12.
Yes, if you are using the AdForest Classified WordPress Theme version 0.0.0 through 6.0.12, you are vulnerable to this authentication bypass.
Upgrade the AdForest Classified WordPress Theme to version 6.0.13 or later to resolve the vulnerability. Consider temporary access restrictions if immediate upgrade is not possible.
While no public exploits are currently known, the ease of exploitation suggests a high probability of exploitation if a PoC is developed. Proactive patching is recommended.
Refer to the AdForest theme developer's website or WordPress plugin repository for the official advisory and update information.