30 matches found
EUVD-2021-11233
Malware in sbrugna...
EUVD-2021-11235
Malware in sbrugna...
CVE-2021-24319
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...
CVE-2021-24320
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete,...
Exploit for Deserialization of Untrusted Data in Torrentpier
CVE-2024-1651 This CVE was discovered by Carlos Bello from the...
Exploit for Deserialization of Untrusted Data in Torrentpier
CVE-2024-1651 This CVE was discovered by Carlos Bello from the...
CVE-2021-24319
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...
CVE-2021-24319
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...
CVE-2021-24320
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete,...
CVE-2021-24321
The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection issues...
CVE-2021-24321
The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection issues...
Cross-site scripting
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...
SQL injection
The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection issues...
CVE-2021-24319 Bello < 1.6.0 - Authenticated Cross-Site Scripting (XSS) and XFS
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue...
CVE-2021-24319
The affected product is the Bello WordPress theme (before version 1.6.0). The vulnerability (CVE-2021-24319) is an authenticated Cross-Site Scripting (XSS) in the shop/my-account/bello-listing-endpoint/ page caused by improper sanitization of the post_excerpt parameter before output. Exploitation...
CVE-2021-24320 Bello < 1.6.0 - Unauthenticated Reflected XSS & XFS
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete,...
CVE-2021-24321 Bello < 1.6.0 - Unauthenticated Blind SQL Injection
The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection issues...
CVE-2021-24320
The CVE-2021-24320 entry concerns the WordPress Bello - Directory & Listing theme (pre-1.6.0). Affected component: listing-related parameters on the listing page (listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_...
CVE-2021-24321
The Bello WordPress theme (prior to v1.6.0) is vulnerable to unauthenticated blind SQL injection due to not sanitising parameters such as bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view, and bt_bb_listing_field_my_lat before using th...
WordPress plugin SQL injection vulnerability
WordPress Plugin is an open source application plugin for WordPress. The Bello - Directory & Listing WordPress theme prior to version 1.6.0 has a SQL injection vulnerability that stems from the theme not sanitising key parameters before they are used in SQL statements...