Direct Object Reference vulnerability found by Zhihua Yao in WordPress BBE theme (versions <= 1.52). The vulnerability allows a direct launch of an HTML editor.
Update the WordPress BBE theme to the latest available version (at least 1.53).