2026-02-12 01:23:42
Wordfence
PUBLISHED
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.0.12. This is due to the plugin not properly verifying a users identity prior to authenticating them through the sb_login_user_with_otp_fun function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators.