{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8359", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-30T14:52:48.011Z", "datePublished": "2025-09-06T02:24:18.546Z", "dateUpdated": "2026-04-08T17:19:38.437Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:38.437Z"}, "affected": [{"vendor": "scriptsbundle", "product": "AdForest", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.0.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, including administrators, without access to a password."}], "title": "AdForest <= 6.0.9 - Authentication Bypass to Admin", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c080df50-1113-484b-80ed-09515982c585?source=cve"}, {"url": "https://themeforest.net/item/adforest-classified-wordpress-theme/19481695"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "cweId": "CWE-288", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Tonn"}], "timeline": [{"time": "2025-07-30T15:07:58.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-09-05T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-08T20:14:46.642149Z", "id": "CVE-2025-8359", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T20:14:53.899Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8359", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-08T20:14:46.642149Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-08T20:14:50.723Z"}}], "cna": {"title": "AdForest <= 6.0.9 - Authentication Bypass to Admin", "credits": [{"lang": "en", "type": "finder", "value": "Tonn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "scriptsbundle", "product": "AdForest", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "6.0.9"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-30T15:07:58.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-09-05T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c080df50-1113-484b-80ed-09515982c585?source=cve"}, {"url": "https://themeforest.net/item/adforest-classified-wordpress-theme/19481695"}], "descriptions": [{"lang": "en", "value": "The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, including administrators, without access to a password."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-06T02:24:18.546Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8359", "state": "PUBLISHED", "dateUpdated": "2025-09-08T20:14:53.899Z", "dateReserved": "2025-07-30T14:52:48.011Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-06T02:24:18.546Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, including administrators, without access to a password."}], "id": "CVE-2025-8359", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-06T03:15:41.180", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/adforest-classified-wordpress-theme/19481695"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c080df50-1113-484b-80ed-09515982c585?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T21:53:48.018962+00:00", "value": {"mitigation_remediation": ["Upgrade the AdForest theme to the latest patched version released by scriptsbundle.", "If a patched version is not yet available, temporarily disable or remove the AdForest theme from the WordPress installation until an update is issued.", "After any change, rotate all user passwords, enforce a strong password policy, and enable two\u2011factor authentication for administrator accounts."], "summary": {"action": "Immediate Upgrade", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the AdForest WordPress theme sold by scriptsbundle. All releases of the theme up to and including version 6.0.9 are impacted. Sites that have not upgraded beyond 6.0.9 are at risk.", "description_and_impact": "The AdForest theme for WordPress is vulnerable to an authentication bypass that allows an unauthenticated attacker to log in as any user, including administrators, without a password. The flaw occurs because the theme fails to validate a user\u2019s identity before granting access, enabling full administrative control of the site.", "risk_and_exploitability": "The CVSS score of 9.8 marks the flaw as critical and indicates a complete takeover of the site if exploited. The EPSS score of less than 1% suggests that exploitation is currently unlikely, but the high severity remains. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that attackers can exploit the flaw by sending an unauthenticated request to the theme\u2019s authentication process; no special access or credentials are required."}}}}, "created": "2025-09-07T15:24:57.126145+00:00", "updated": "2026-04-20T22:00:11.216046+00:00", "vendors": ["scriptsbundle", "scriptsbundle$PRODUCT$adforest", "wordpress", "wordpress$PRODUCT$wordpress"]}