ThreatPress

WordPress Vulnerabilities Database

WordPress BBE theme <= 1.52 - Direct Object Reference vulnerability

Product
BBE
Description
A Direct Object Reference vulnerability was found by Zhihua Yao in the WordPress BBE theme (versions <= 1.52). The vulnerability allows a direct launch of an HTML editor.
Solution
Update the WordPress BBE theme to the latest available version (at least 1.53).
Classification
Type: Unknown
OWASP Top 10: A4: Insecure Direct Object References
References
Theme changelog
CVE
Name: CVE-2018-11244
Versions
Affected In: <= 1.52
Fixed In: 1.53
Disclosure date
2018-06-05
Credits
Zhihua Yao
Submitter
ThreatPress