A vulnerability identified as critical has been detected in bbsetheme BBS e-Franchise 1.1.1 on WordPress. This affects an unknown part of the component Shortcode Handler . Performing a manipulation of the argument uid results in sql injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is identified as CVE-2016-20072 . The attack can be initiated remotely. Additionally, an exploit exists.