The BBS e-Popup plugin for WordPress is vulnerable to malicious changes to its data. This means that unauthenticated attackers, or people not authorized to do so, can alter the plugin’s settings in versions up to and including 2.4.5. The vulnerability is caused by the missing capability check on the bbse_popup_admin_action_proc() function, which is called via admin_action.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
