Intrusion PreventionWordPress.Bello.Theme.listing.Multiple.Vulnerabilities
Description
This indicates an attack attempt to exploit a SQL Injection or Cross-Site Scripting vulnerability in the Bello - Directory & Listing WordPress theme.
The vulnerability is due to insufficient sanitization of user supplied inputs in the application. A remote attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to arbitrary SQL code execution in the security context of the database service connected to the application or arbitrary script execution in the context of the victim's browser.
Affected Products
Bello < 1.6.0
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application or gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://bello.bold-themes.com/
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2024-05-02 | 27.779 | Default_action:pass:drop |
| 2024-04-25 | 27.775 | Sig Added |
| 2024-04-16 | 27.769 | Name:WordPress. Bello. Theme. listing. SQL. Injection:WordPress. Bello. Theme. listing. Multiple. Vulnerabilities |
| 2024-04-09 | 27.763 |
| ID | 55400 |
| Created | Apr 01, 2024 |
| Updated | May 01, 2024 |
| Risk |
|
| CVE ID | CVE-2021-24320 CVE-2021-24321 |
| Exploit Prediction Score | 0.24% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | PHP_app |