Cyber Resilience

CVE-2024-12857

Severity: Critical
Published: 22 January 2025
Modified: 24 January 2025
KEV Added: not listed
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0062 (70.5th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-12857 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Scriptsbundle Adforest. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 29.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and IA-8 (Identification and Authentication (Non-organizational Users)).

Deeper analysis

CVE-2024-12857 is an authentication bypass vulnerability (CWE-288, CWE-306) in the AdForest theme for WordPress, affecting all versions up to and including 5.1.8. The flaw exists because the theme does not properly verify a user's identity before logging them in as that user. It was published on 2025-01-22 with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Unauthenticated attackers can exploit this vulnerability over the network with low attack complexity and no user interaction. Exploitation requires the target site to have OTP login configured by phone number, allowing attackers to authenticate as any user on the site and potentially gain full administrative access, resulting in high impacts to confidentiality, integrity, and availability.

Advisories from Wordfence provide further details on the vulnerability at https://www.wordfence.com/threat-intel/vulnerabilities/id/4ff3b4f1-dd36-43d0-b472-55a940907437?source=cve, while the AdForest theme page is available at https://themeforest.net/item/adforest-classified-wordpress-theme/19481695.

Vulnerability details

The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.8. This is due to the plugin not properly verifying a user's identity prior to logging them in as that user. This makes it possible for unauthenticated attackers to authenticate as any user as long as they have configured OTP login by phone number.

CWE(s): CWE-288 (Authentication Bypass Using an Alternate Path or Channel), CWE-306 (Missing Authentication for Critical Function)

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1078 Valid Accounts (Stealth): Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

A direct authentication bypass in a public-facing WordPress theme enables unauthenticated exploitation over the network (T1190), which yields valid user accounts on the site (T1078).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-11350: same product (Scriptsbundle Adforest)
CVE-2025-1717: shared CWE-288, CWE-306
CVE-2025-9254: shared CWE-306
CVE-2025-6895: shared CWE-288
CVE-2025-23504: shared CWE-288
CVE-2026-27389: shared CWE-288
CVE-2025-26966: shared CWE-288
CVE-2025-0159: shared CWE-288, CWE-306
CVE-2026-25357: shared CWE-288
CVE-2025-1061: shared CWE-288

Affected Assets

Vendor: scriptsbundle
Product: adforest
Versions: ≤ 5.1.9

Mitigating Controls (NIST 800-53 r5)

Flaw remediation (prevent): Directly and comprehensively mitigates the authentication bypass by requiring timely identification, reporting, and remediation of flaws such as this CVE in the AdForest theme.

IA-8 Identification and Authentication (Non-organizational Users) (prevent): Mandates robust identification and authentication mechanisms for non-organizational users, directly addressing the improper identity verification in the WordPress theme's OTP phone login process.

CM-7 Least Functionality (prevent): Prevents exploitation by prohibiting or restricting nonessential capabilities such as OTP login by phone number, which is required to trigger the vulnerability.
