Cyber Resilience

CVE-2024-11350

Critical

Published: 08 January 2025
Modified: 12 August 2025
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0044 (63.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-11350 is a critical-severity Weak Password Recovery Mechanism for Forgotten Password (CWE-640) vulnerability in Scriptsbundle Adforest. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 36.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-11350, published on 2025-01-08, is a privilege escalation vulnerability via account takeover in the AdForest theme for WordPress, affecting all versions up to and including 5.1.6. The issue arises because the adforest_reset_password() function fails to properly validate a user's identity before updating their password. It is associated with CWE-640 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Unauthenticated attackers can exploit this vulnerability remotely with low complexity and no user interaction required. By leveraging the flawed password reset mechanism, they can change the passwords of arbitrary users, including administrators, to gain full unauthorized access to those accounts.

Advisories provide further details via the Wordfence threat intelligence page at https://www.wordfence.com/threat-intel/vulnerabilities/id/4ebb766a-44e9-460c-be84-356b7403e593?source=cve and the AdForest theme listing on ThemeForest at https://themeforest.net/item/adforest-classified-wordpress-theme/19481695.

Vulnerability details

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary users' passwords, including administrators, and leverage that to gain access to their account.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1078 Valid Accounts · Stealth
Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

Direct remote exploitation of the public-facing WordPress password reset flaw enables initial access via compromised valid accounts (including admin).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-12857 · Same product: Scriptsbundle Adforest
CVE-2026-30459 · Shared CWE-640
CVE-2026-33707 · Shared CWE-640
CVE-2026-2564 · Shared CWE-640
CVE-2026-27593 · Shared CWE-640
CVE-2026-7459 · Shared CWE-640
CVE-2025-13565 · Shared CWE-640
CVE-2025-63314 · Shared CWE-640
CVE-2026-29199 · Shared CWE-640
CVE-2026-40585 · Shared CWE-640

Affected Assets

scriptsbundle · adforest · ≤ 5.1.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires verification of user identity prior to issuing or changing authenticators like passwords, directly preventing unauthorized password updates via the flawed adforest_reset_password() function.

prevent

Mandates validation of information inputs to the password reset function, blocking exploitation due to lack of identity validation.

prevent · detect · respond

Establishes procedures for account modifications including password changes with approvals and reviews, mitigating unauthorized takeovers and enabling detection of compromised accounts.
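
The identity verification that the first control above calls for, sketched as a WordPress reset handler. This is an added example, not AdForest's code or its patch; the action name `example_reset_password`, the nonce action and the request field names are hypothetical. The password is changed only after WordPress core's `check_password_reset_key()` has verified the one-time key that was e-mailed to the account owner.

```php
<?php
// Added example (not AdForest code): password reset that proves identity first.
// Hypothetical names: action 'example_reset_password', nonce action
// 'example_reset_nonce', POST fields 'login', 'key', 'new_password'.

add_action( 'wp_ajax_nopriv_example_reset_password', 'example_reset_password' );

function example_reset_password() {
    // CSRF protection only. Nonces issued to logged-out visitors are shared
    // between them, so a valid nonce says nothing about who is asking.
    check_ajax_referer( 'example_reset_nonce', 'nonce' );

    $login    = isset( $_POST['login'] ) ? sanitize_user( wp_unslash( $_POST['login'] ) ) : '';
    $key      = isset( $_POST['key'] ) ? sanitize_text_field( wp_unslash( $_POST['key'] ) ) : '';
    $new_pass = isset( $_POST['new_password'] ) ? (string) wp_unslash( $_POST['new_password'] ) : '';

    // Input validation (SI-10): reject incomplete requests and short passwords.
    if ( '' === $login || '' === $key || strlen( $new_pass ) < 12 ) {
        wp_send_json_error( array( 'message' => 'Invalid request.' ), 400 );
    }

    // Identity proof (IA-5): the key must match the hashed, expiring reset key
    // WordPress stored for this login when the reset e-mail was sent. The
    // account is chosen by the verified key, not by a client-supplied
    // identifier on its own.
    $user = check_password_reset_key( $key, $login );

    if ( is_wp_error( $user ) ) {
        // One response for unknown login, wrong key and expired key, so the
        // endpoint does not reveal which accounts exist.
        wp_send_json_error( array( 'message' => 'Invalid or expired reset link.' ), 403 );
    }

    // Core helper: sets the new password; wp_set_password() also clears the
    // stored reset key, so the same link cannot be replayed.
    reset_password( $user, $new_pass );

    wp_send_json_success( array( 'message' => 'Password updated.' ) );
}
```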

References