CVE-2022-37403

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nikhil Vaghela’s Add User Role plugin <= 0.0.1 at WordPress.

Source: CVE-2022-37403

CVE-2022-37404

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Salazar’s add2fav plugin <= 1.0 at WordPress.

Source: CVE-2022-37404

CVE-2022-36876

Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.

Source: CVE-2022-36876

CVE-2022-37411

Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza’s Captcha Code plugin <= 2.7 at WordPress.

Source: CVE-2022-37411

CVE-2022-37412

Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Galerio & Urda’s Better Delete Revision plugin <= 1.6.1 at WordPress.

Source: CVE-2022-37412

CVE-2022-38058

Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.

Source: CVE-2022-38058

CVE-2022-38059

Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov’s Access Code Feeder plugin <= 1.0.3 at WordPress.

Source: CVE-2022-38059

CVE-2022-38064

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information.

Source: CVE-2022-38064

CVE-2022-36871

Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

Source: CVE-2022-36871

CVE-2022-36864

Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.

Source: CVE-2022-36864