cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2021-24319,https://securityvulnerability.io/vulnerability/CVE-2021-24319,Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS,"The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue",Wordpress,Bello - Directory & Listing,5.4,MEDIUM,0.000590000010561198,false,,false,false,false,,false,false,2021-06-01T11:33:30.000Z,0
CVE-2021-24320,https://securityvulnerability.io/vulnerability/CVE-2021-24320,Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS,"The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameters in its listing page, leading to reflected Cross-Site Scripting issues.",Wordpress,Bello - Directory & Listing,6.1,MEDIUM,0.0023399998899549246,false,,false,false,false,,false,false,2021-06-01T11:33:30.000Z,0
CVE-2021-24321,https://securityvulnerability.io/vulnerability/CVE-2021-24321,Bello < 1.6.0 - Unauthenticated Blind SQL Injection,"The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection issues",Wordpress,Bello - Directory & Listing,9.8,CRITICAL,0.004100000020116568,false,,false,false,false,,false,false,2021-06-01T11:33:30.000Z,0