Shodan
Vulnerabilities
Vulnerable Software
Bold-Themes:  Security Vulnerabilities
CVE-2021-24820
The Cost Calculator WordPress plugin through 1.6 allows authenticated users (Contributor+ in versions < 1.5, and Admin+ in versions <= 1.6) to perform path traversal and local PHP file inclusion on Windows Web Servers via the Cost Calculator post's Layout
CVSS Score
6.5
EPSS Score
0.007
Published
2022-02-28
CVE-2021-24579
The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases.
CVSS Score
8.8
EPSS Score
0.008
Published
2021-08-30
CVE-2021-24319
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise its post_excerpt parameter before outputting it back in the shop/my-account/bello-listing-endpoint/ page, leading to a Cross-Site Scripting issue
CVSS Score
5.4
EPSS Score
0.002
Published
2021-06-01
CVE-2021-24320
The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues.
CVSS Score
6.1
EPSS Score
0.503
Published
2021-06-01
CVE-2021-24321
The Bello - Directory & Listing WordPress theme before 1.6.0 did not sanitise the bt_bb_listing_field_price_range_to, bt_bb_listing_field_now_open, bt_bb_listing_field_my_lng, listing_list_view and bt_bb_listing_field_my_lat parameters before using them in a SQL statement, leading to SQL Injection issues
CVSS Score
9.8
EPSS Score
0.008
Published
2021-06-01
CVE-2019-15821
The bold-page-builder plugin before 2.3.2 for WordPress has no protection against modifying settings and importing data.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-08-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved