6 matches found
WordPress BBE theme <= 1.52 - Direct Object Reference vulnerability
Direct Object Reference vulnerability found by Zhihua Yao in WordPress BBE theme versions <= 1.52. The vulnerability allows a direct launch of an HTML editor. Solution: Update the WordPress BBE theme to the latest available version (at least 1.53)...
CVE-2018-11244
The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor...
CVE-2018-11244
The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor...
CVE-2018-11244
The BBE theme before 1.53 for WordPress allows a direct launch of an HTML editor...
CVE-2018-11244
The CVE-2018-11244 entry concerns the WordPress BBE theme prior to version 1.53. Multiple sources describe a Direct Object Reference vulnerability that allows direct launching of the HTML editor, implying that an attacker could indirectly trigger the HTML editor through the theme. Affected softwa...
LocalTapiola: Reflected XSS on bbe_open_htmleditor_popup.php of BBE Theme via "value"-GET-parameter
Basic report information. Summary: The BBE Theme allows unauthorized access to bbe_open_htmleditor_popup.php which echoes unsanitized values of value-GET-parameter leading to reflected XSS. Description: The www.lahitapiolarahoitus.fi has WordPress with theme BBE Theme v1.52. I did some code review an...