UNKNOWN — Vulnerabilities & Security Advisories 4148

Browse all 4148 CVE security advisories affecting UNKNOWN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-25017	Tutor LMS < 1.9.12 - Reflected Cross-Site Scripting — Tutor LMS – eLearning and online course solutionCWE-79	6.1	-	2022-01-24
CVE-2021-25015	myCred < 2.4 - Reflected Cross-Site Scripting — myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty PluginCWE-79	6.1	-	2022-01-24
CVE-2021-25013	Qubely < 1.7.8 - Subscriber+ Arbitrary Post Deletion — Qubely – Advanced Gutenberg BlocksCWE-862	6.5	-	2022-01-24
CVE-2021-25008	Code Snippets < 2.14.3 - Reflected Cross-Site Scripting — Code SnippetsCWE-79	6.1	-	2022-01-24
CVE-2021-24989	Accept Donations with PayPal < 1.3.4 - Arbitrary Post Deletion via CSRF — Accept Donations with PayPalCWE-352	6.5	-	2022-01-24
CVE-2021-24985	Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting — Easy Forms for MailchimpCWE-79	6.1	-	2022-01-24
CVE-2021-24976	Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting — Smart SEO Tool – SEO优化插件CWE-79	6.1	-	2022-01-24
CVE-2021-24974	Product Feed PRO for WooCommerce < 11.0.7 - Subscriber+ Settings Update to Stored XSS — Product Feed PRO for WooCommerceCWE-79	5.4	-	2022-01-24
CVE-2021-24968	Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation — Ultimate FAQ – WordPress FAQ and Accordion PluginCWE-862	3.5	-	2022-01-24
CVE-2021-24965	Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting — Five Star Restaurant Reservations – WordPress Booking PluginCWE-79	5.4	-	2022-01-24
CVE-2021-24936	WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting — WP Extra File TypesCWE-352	8.2	-	2022-01-24
CVE-2021-24923	Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS — Newsletter, SMTP, Email marketing and Subscribe forms by SendinblueCWE-79	6.1	-	2022-01-24
CVE-2021-24906	Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation — Protect WP AdminCWE-862	7.5	-	2022-01-24
CVE-2021-24865	Advanced Custom Fields: Extended < 0.8.8.7 - Admin+ SQL Injection — Advanced Custom Fields: ExtendedCWE-89	7.2	-	2022-01-24
CVE-2021-24858	WP Cookie User Info < 1.0.9 - Admin+ SQL Injection — Cookie Notification Plugin for WordPress – WP Cookie User InfoCWE-89	7.2	-	2022-01-24
CVE-2021-24733	WP Post Page Clone < 1.2 - Unauthorised Post Access — WP Post Page CloneCWE-863	4.3	-	2022-01-24
CVE-2021-24696	Simple Download Monitor < 3.9.9 - Multiple CSRF — Simple Download MonitorCWE-352	8.8	-	2022-01-24
CVE-2021-24694	Simple Download Monitor < 3.9.11 - Contributor+ Stored Cross-Site Scripting via Shortcodes — Simple Download MonitorCWE-79	5.4	-	2022-01-24
CVE-2021-24423	UpdraftPlus < 1.16.59 - Admin+ Stored Cross-Site Scripting — UpdraftPlus WordPress Backup PluginCWE-79	4.8	-	2022-01-24
CVE-2021-25067	Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS) — Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing PagesCWE-79	5.4	-	2022-01-17
CVE-2021-25065	Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS) — Smash Balloon Social Post FeedCWE-79	5.4	-	2022-01-17
CVE-2021-25061	WP Booking System – Booking Calendar < 2.0.15 - Authenticated Reflected Cross-Site Scripting (XSS) — WP Booking System – Booking CalendarCWE-79	5.4	-	2022-01-17
CVE-2021-25046	Modern Events Calendar Lite < 6.2.0 - Subscriber+ Category Add Leading to Stored XSS — Modern Events Calendar LiteCWE-79	5.4	-	2022-01-17
CVE-2021-25037	All In One SEO < 4.1.5.3 - Authenticated SQL Injection — All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase TrafficCWE-89	6.5	-	2022-01-17
CVE-2021-25036	All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation — All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase TrafficCWE-287	8.8	-	2022-01-17
CVE-2021-25024	Event Calendar < 1.1.51 - Reflected Cross-Site Scripting — EventCalendarCWE-79	6.1	-	2022-01-17
CVE-2021-25005	SEUR Oficial < 1.7.0 - Admin+ Stored Cross-Site Scripting — SEUR OficialCWE-79	4.8	-	2022-01-17
CVE-2021-24909	ACF Photo Gallery Field < 1.7.5 - Reflected Cross-Site Scripting — ACF Photo Gallery FieldCWE-79	6.1	-	2022-01-17
CVE-2021-24838	AnyComment < 0.3.5 - Open Redirect — AnyCommentCWE-601	6.1	-	2022-01-17
CVE-2021-25025	Event Calendar < 1.1.51 - Subscriber+ Event Creation — EventCalendarCWE-352	4.3	-	2022-01-17

This page lists every published CVE security advisory associated with UNKNOWN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

UNKNOWN — Vulnerabilities & Security Advisories 4148