CVE-2021-24320

Name of the Vulnerable Software and Affected Versions The Bello - Directory & Listing WordPress theme versions prior to 1.6.0

Description The issue arises from the theme's failure to properly sanitise and escape certain parameters in its listing page, leading to reflected Cross-Site Scripting issues. The affected parameters include listing list view, bt bb listing field my lat, bt bb listing field my lng, bt bb listing field distance value, bt bb listing field my lat default, bt bb listing field keyword, bt bb listing field location autocomplete, bt bb listing field price range from, and bt bb listing field price range to.

Recommendations For versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the listing page or disabling the vulnerable parameters until a patch is available. Avoid using the vulnerable parameters in the listing page until the issue is resolved.