What is CVE-2021-24320?

CVE-2021-24320 is a vulnerability in Boldthemes Bello - Directory & Listing, classified under Cross-site Scripting. Published 2021-06-01.

Is CVE-2021-24320 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Boldthemes Bello - Directory & Listing

CVE-2021-24320

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.503 (97.9th percentile) — read the EPSS interpretation.

Affected products

Boldthemes Bello - Directory & Listing — versions 1.6.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

References

wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb (x_refsource_CONFIRM)
m0ze.ru/vulnerability/[2021-03-21]-[WordPress]-[CWE-79]-Bello-WordPress-Theme-v… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24320?: CVE-2021-24320 is a vulnerability in Boldthemes Bello - Directory & Listing, classified under Cross-site Scripting. Published 2021-06-01.
Is CVE-2021-24320 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.