Home / Vulnerability Intelligence / CVE-2026-1729

CVE-2026-1729 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 12, 2026

AdForest WordPress theme - Authentication Bypass

Published: February 12, 2026Updated: February 12, 2026PoC AvailableRemote Exploitable

Overview

AdForest WordPress theme <= 6.0.12 contains an authentication bypass caused by improper user identity verification in 'sb_login_user_with_otp_fun' function, letting unauthenticated attackers log in as arbitrary users including administrators.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Unauthenticated attackers can log in as any user, including administrators, leading to full system compromise.

Mitigation

Update to a version later than 6.0.12 or the latest available version.

References

https://themeforest.net/item/adforest-classified-wordpress-theme/19481695
https://www.wordfence.com/threat-intel/vulnerabilities/id/34fd42cb-3868-4b1c-bc56-575faf01e8f3?source=cve

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-1729
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: unconfirmed

CWE

CWE-306

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H