Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nikhil Vaghela’s Add User Role plugin <= 0.0.1 at WordPress.
CWE-79
CVE-2022-37404
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Salazar’s add2fav plugin <= 1.0 at WordPress.
CVE-2022-37406
Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
CVE-2022-37407
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.
CVE-2022-37412
Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Galerio & Urda’s Better Delete Revision plugin <= 1.6.1 at WordPress.
CVE-2022-37421
Silverstripe silverstripe/cms through 4.11.0 allows XSS.