Boldthemes Bello Directory Listing vulnerabilities
3 known vulnerabilities affecting boldthemes/bello_directory_listing.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2021-24321P2CRITICALCVSS 9.8≥ 1.6.0, < 1.6.02021-06-01
CVE-2021-24321 [CRITICAL] CWE-89 CVE-2021-24321: The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_fiel
The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection issues
nvd
CVE-2021-24320P3MEDIUMCVSS 6.1PoC≥ 1.6.0, < 1.6.02021-06-01
CVE-2021-24320 [MEDIUM] CWE-79 CVE-2021-24320: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape it
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range
nvd
CVE-2021-24319P4MEDIUMCVSS 5.4≥ 1.6.0, < 1.6.02021-06-01
CVE-2021-24319 [MEDIUM] CWE-79 CVE-2021-24319: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_exce
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue
nvd