CVE-2011-1150

Name of the Vulnerable Software and Affected Versions bbPress versions 1.0.0 through 1.0.2

Description The issue concerns a cross-site scripting (XSS) flaw in the /bb-login.php URL, specifically via the re parameter. This allows for potential malicious script injection. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations For bbPress versions 1.0.0 through 1.0.2, consider disabling access to the /bb-login.php URL or restricting the use of the re parameter until a fix is available. Avoid using the re parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.