What is CVE-2021-24319?

CVE-2021-24319 is a vulnerability in Boldthemes Bello - Directory & Listing, classified under Cross-site Scripting. Published 2021-06-01.

Is CVE-2021-24319 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Boldthemes Bello - Directory & Listing

CVE-2021-24319

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (37.0th percentile) — read the EPSS interpretation.

Affected products

Boldthemes Bello - Directory & Listing — versions 1.6.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

20142995/nuclei-templates

References

wpscan.com/vulnerability/2c274eb7-25f1-49d4-a2c8-8ce8cecebe68 (x_refsource_CONFIRM)
m0ze.ru/vulnerability/[2021-03-21]-[WordPress]-[CWE-1021]-Bello-WordPress-Theme… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24319?: CVE-2021-24319 is a vulnerability in Boldthemes Bello - Directory & Listing, classified under Cross-site Scripting. Published 2021-06-01.
Is CVE-2021-24319 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.