Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions Security Vulnerabilities and Issues — Page 11 of Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions CVE List

cvelist

CVE-2023-37541 HCL Connections is vulnerable to a broken access control vulnerability

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain...

3.5CVSS

0.0004EPSS

2024-06-25 03:08 PM

vulnrichment

CVE-2023-37541 HCL Connections is vulnerable to a broken access control vulnerability

HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain...

3.5CVSS

7AI Score

0.0004EPSS

2024-06-25 03:08 PM

vulnrichment

CVE-2021-4440 x86/xen: Drop USERGS_SYSRET64 paravirt call

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...

6.8AI Score

0.0004EPSS

2024-06-25 02:20 PM

1

cvelist

CVE-2021-4440 x86/xen: Drop USERGS_SYSRET64 paravirt call

In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...

0.0004EPSS

2024-06-25 02:20 PM

3

cvelist

CVE-2024-37087

The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service...

5.3CVSS

0.001EPSS

2024-06-25 02:16 PM

3

cvelist

CVE-2024-37086

VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...

6.8CVSS

0.0004EPSS

2024-06-25 02:16 PM

2

cvelist

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

6.8CVSS

0.0004EPSS

2024-06-25 02:16 PM

6

vulnrichment

CVE-2024-37085

VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...

6.8CVSS

7.4AI Score

0.0004EPSS

2024-06-25 02:16 PM

4

cve

CVE-2024-5451

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS

5.8AI Score

0.001EPSS

2024-06-25 02:15 PM

12

nvd

CVE-2024-5451

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS

0.001EPSS

2024-06-25 02:15 PM

1

githubexploit

Exploit for CVE-2024-6028

CVE-2024-6028-Poc CVE-2024-6028 Quiz Maker <= 6.5.8.3 -...

9.8CVSS

7.7AI Score

0.001EPSS

2024-06-25 01:55 PM

80

vulnrichment

CVE-2024-5451 The7 — Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS

6AI Score

0.001EPSS

2024-06-25 01:53 PM

cvelist

CVE-2024-5451 The7 — Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS

0.001EPSS

2024-06-25 01:53 PM

2

redhatcve

CVE-2024-37026

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines with.....

7.2AI Score

0.0004EPSS

2024-06-25 01:52 PM