Bello - Directory & Listing <= 1.5.9 is vulnerable to WordPress Bello - Directory & Listing premium theme <= 1.5.9 - Cross-Site Scripting (XSS) vulnerability

Subscriber

Published
2021-03-30

The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24319

CVSS

Score:6.1

Severity:Medium

Version: 1.5.9

There is a patch available in v1.6.0 and we strongly recommend you update to this version as soon as possible.