What is CVE-2021-24321?

CVE-2021-24321 is a vulnerability in Boldthemes Bello - Directory & Listing, classified under SQL Injection. Published 2021-06-01.

Is CVE-2021-24321 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in Boldthemes Bello - Directory & Listing

CVE-2021-24321

The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters bef…

Vulnerability class: SQL Injection

EPSS: 0.008 (73.7th percentile) — read the EPSS interpretation.

Affected products

Boldthemes Bello - Directory & Listing — versions 1.6.0

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

20142995/nuclei-templates

References

wpscan.com/vulnerability/7314f9fa-c047-4e0c-b145-940240a50c02 (x_refsource_CONFIRM)
m0ze.ru/vulnerability/[2021-03-21]-[WordPress]-[CWE-89]-Bello-WordPress-Theme-v… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24321?: CVE-2021-24321 is a vulnerability in Boldthemes Bello - Directory & Listing, classified under SQL Injection. Published 2021-06-01.
Is CVE-2021-24321 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.