Primary

Context

AdForest WordPress Theme Privilege Escalation Vulnerability Allowing Account Takeover

Vulnerability

A vulnerability in the AdForest theme for WordPress, present in all versions through 5.1.6, allows for privilege escalation via account takeover. The issue arises because the theme's password reset function, adforest_reset_password(), fails to properly verify a user's identity before allowing password changes. This flaw enables unauthenticated attackers to reset passwords for any user, including administrators, and gain unauthorized access to their accounts.

Impact

Exploitation of this vulnerability allows unauthenticated attackers to change passwords of any user, including administrators, leading to unauthorized access to their accounts.

Remediation

Users can update to version 5.1.7 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AdForest WordPress Theme Privilege Escalation Vulnerability Allowing Account Takeover

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating