CVE-2024-12857

9.8 CRITICAL

📋 TL;DR

The AdForest WordPress theme has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user when OTP phone login is enabled. This affects all AdForest theme versions up to and including 5.1.8. Attackers can gain administrative access to WordPress sites using this theme.

💻 Affected Systems

Products:
  • AdForest WordPress Theme
Versions: All versions up to and including 5.1.8
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when OTP login by phone number feature is enabled in the theme settings.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete site takeover with administrative privileges, data theft, malware injection, and defacement.

🟠

Likely Case

Unauthorized access to user accounts, privilege escalation to admin, and potential data exfiltration.

🟢

If Mitigated

Limited impact if OTP phone login is disabled or proper access controls are implemented.

🌐 Internet-Facing: HIGH - WordPress sites are internet-facing by design and vulnerable to remote exploitation.
🏢 Internal Only: LOW - This vulnerability primarily affects internet-facing WordPress installations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires OTP phone login to be enabled but is straightforward once that condition is met.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 5.1.9 or later

Vendor Advisory: https://themeforest.net/item/adforest-classified-wordpress-theme/19481695

Restart Required: No

Instructions:

1. Update AdForest theme to version 5.1.9 or later via WordPress admin panel.
2. Verify update completed successfully.
3. Test authentication functionality.

🔧 Temporary Workarounds

Disable OTP Phone Login

all

Disable the OTP login by phone number feature in AdForest theme settings.

Temporary Theme Deactivation

all

Switch to default WordPress theme until patch can be applied.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block authentication bypass attempts
  • Enable strict access controls and monitor for unusual login patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Appearance > Themes for AdForest theme version 5.1.8 or earlier.

Check Version:

wp theme list --fields=name,version --format=csv (if WP-CLI installed)

Verify Fix Applied:

Confirm AdForest theme version is 5.1.9 or later in WordPress admin panel.
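As an added example (not part of this advisory or the theme's own tooling), the check below parses the CSV printed by `wp theme list --fields=name,version --format=csv` and reports whether the installed AdForest theme is below the fixed 5.1.9 release. It assumes the theme's WP-CLI slug is `adforest`; the sample CSV is constructed, not captured from a real site.

```python
"""Version check for CVE-2024-12857 (AdForest <= 5.1.8) from WP-CLI CSV output."""
import csv
import io
import re

FIXED_VERSION = "5.1.9"   # first patched release per the advisory
THEME_SLUG = "adforest"   # assumed WP-CLI theme slug for AdForest


def parse_version(version):
    """Turn '5.1.8' (or '5.1.8-beta') into a tuple of ints for comparison.

    Numeric comparison is needed so that 5.1.10 sorts above 5.1.9,
    which a plain string comparison would get wrong."""
    numbers = re.findall(r"\d+", version.split("-")[0])
    return tuple(int(n) for n in numbers) or (0,)


def find_adforest(csv_text):
    """Return the AdForest version string from `wp theme list` CSV, or None if absent."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("name", "").strip().lower() == THEME_SLUG:
            return row.get("version", "").strip()
    return None


def is_vulnerable(csv_text):
    """True when AdForest is installed at a version below the fixed release."""
    installed = find_adforest(csv_text)
    if installed is None:
        return False  # theme not installed: not affected by this CVE
    return parse_version(installed) < parse_version(FIXED_VERSION)


# Constructed sample output; a real run would pipe WP-CLI's stdout in instead.
SAMPLE_CSV = """name,version
twentytwentyfour,1.0
adforest,5.1.8
"""

if __name__ == "__main__":
    verdict = "VULNERABLE (update to 5.1.9+)" if is_vulnerable(SAMPLE_CSV) else "not vulnerable"
    print(f"AdForest {find_adforest(SAMPLE_CSV)}: {verdict}")
```

Remember that a patched version only closes this CVE; the OTP phone login setting itself still deserves review.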

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful login from same IP
  • Successful logins from unusual locations or IPs
  • User privilege escalation events

Network Indicators:

  • Unusual authentication request patterns to wp-login.php or theme-specific endpoints
  • Traffic spikes to OTP-related endpoints

SIEM Query:

source="wordpress.log" AND ("authentication failed" OR "logged in") | stats count by src_ip, user

🔗 References
