Platform
wordpress
Component
adforest
Fixed in
6.0.13
CVE-2026-1729 describes an authentication bypass vulnerability affecting the AdForest Classified WordPress Theme. An attacker can exploit this flaw to gain unauthorized access to user accounts, potentially including administrator privileges. This vulnerability impacts versions 0.0.0 through 6.0.12 of the theme. A patch is available in version 6.0.13.
Successful exploitation of CVE-2026-1729 allows an attacker to bypass authentication entirely. This means they can log in as any user on a site running the AdForest WordPress theme, regardless of their credentials. The most severe impact is the ability to gain administrator access, granting complete control over the WordPress site. An attacker could then modify content, install malicious plugins, steal sensitive data (user information, financial details if stored), or deface the website. The blast radius extends to all users of the affected WordPress site, particularly those with administrative privileges.
CVE-2026-1729 was publicly disclosed on 2026-02-12. No public proof-of-concept (PoC) code has been released at the time of writing, but the ease of exploitation (authentication bypass) suggests a high probability of exploitation if a PoC is developed. The vulnerability is not currently listed on the CISA KEV catalog. Given the critical severity and the potential for widespread impact, organizations using the AdForest theme should prioritize remediation.
Websites utilizing the AdForest Classified WordPress Theme, particularly those running versions 0.0.0 through 6.0.12, are at significant risk. Shared hosting environments where multiple websites share the same server are also at increased risk, as a compromise of one site could potentially lead to lateral movement and compromise of others. Sites relying on the AdForest theme for classified ad functionality are especially vulnerable.
• wordpress / composer / npm:
# Check whether the AdForest theme is installed and which version it reports
wp theme list | grep adforest
# Upgrade the theme to the fixed release
wp theme update adforest --version=6.0.13
# Search the theme's files for the sb_login_user_with_otp_fun function
grep -r 'sb_login_user_with_otp_fun' /var/www/html/wp-content/themes/adforest/
# Read the version a site exposes in the theme's style.css header
curl -s https://your-wordpress-site.com/wp-content/themes/adforest/style.css | grep -i 'Version'
Exploit Status
EPSS
0.12% (31st percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-1729 is to immediately upgrade the AdForest Classified WordPress Theme to version 6.0.13 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily restricting access to sensitive areas of the WordPress site. While not a complete solution, implementing multi-factor authentication (MFA) can add an extra layer of security, making it more difficult for attackers to exploit the vulnerability even if they gain access to a user account. After upgrading, verify the fix by attempting to log in without valid credentials; the login should be rejected.
Update to version 6.0.13, or a more recent fixed version
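An added example, not from the original page or the theme's developers: a shell check that reads the `Version:` header of every AdForest `style.css` under a web root and compares it numerically against the fixed release 6.0.13, which matters on shared hosts with several sites. It assumes the theme sits in the standard `wp-content/themes/adforest/` directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag AdForest theme installs older than the fixed release.
FIXED="6.0.13"   # fixed version stated on this page

# Print the Version: header of a theme's style.css (empty if absent).
# The capture stops at the first character that is not part of a version,
# so a trailing carriage return from CRLF files is dropped.
theme_version() {
  sed -n 's/^[[:space:]*]*[Vv]ersion:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' \
    "$1" 2>/dev/null | head -n 1
}

# Exit 0 when $1 is strictly lower than $2. Fields are compared as numbers,
# so 6.0.9 sorts below 6.0.13 (a plain string comparison gets this wrong).
version_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".")
    for (i = 1; i <= (n > m ? n : m); i++) {
      if (x[i] + 0 < y[i] + 0) exit 0
      if (x[i] + 0 > y[i] + 0) exit 1
    }
    exit 1
  }'
}

# Classify one style.css: "vulnerable <v>", "patched <v>" or "unknown".
adforest_status() {
  v="$(theme_version "$1")"
  if [ -z "$v" ]; then echo "unknown"
  elif version_lt "$v" "$FIXED"; then echo "vulnerable $v"
  else echo "patched $v"
  fi
}

# Walk a web root and report every AdForest install found beneath it.
# Assumption: the theme directory is named "adforest" (standard layout).
scan_adforest() {
  find "$1" -type f -path '*/wp-content/themes/adforest/style.css' 2>/dev/null |
  sort | while IFS= read -r css; do
    printf '%s\t%s\n' "$(adforest_status "$css")" "$css"
  done
}

# Stand-alone use: sh check_adforest.sh /var/www
if [ "$#" -gt 0 ]; then scan_adforest "$1"; fi
```

An "unknown" result means the header could not be read and the install needs a manual check, not that it is safe.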
CVE-2026-1729 is a critical vulnerability in the AdForest WordPress theme allowing attackers to bypass authentication and log in as any user, including administrators, affecting versions 0.0.0–6.0.12.
Yes, if you are using the AdForest Classified WordPress Theme version 0.0.0 through 6.0.12, you are vulnerable to this authentication bypass.
Upgrade the AdForest Classified WordPress Theme to version 6.0.13 or later to resolve the vulnerability. Consider temporary access restrictions if immediate upgrade is not possible.
While no public exploits are currently known, the ease of exploitation suggests a high probability of exploitation if a PoC is developed. Proactive patching is recommended.
Refer to the AdForest theme developer's website or WordPress plugin repository for the official advisory and update information.