UNKNOWN — Vulnerabilities & Security Advisories 4143

Browse all 4143 CVE security advisories affecting UNKNOWN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-24914	Tawk.to Live Chat < 0.6.0 - Subscriber+ Visitor Monitoring & Chat Removal — Tawk.To Live ChatCWE-862	7.3	-	2021-12-06
CVE-2021-24866	WP Data Access < 5.0.0 - Admin+ SQL Injection — WP Data AccessCWE-89	9.8	-	2021-12-06
CVE-2021-24759	PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting — PDF.js ViewerCWE-79	5.4	-	2021-12-06
CVE-2021-24718	ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting — Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form BuilderCWE-79	4.8	-	2021-12-06
CVE-2021-24714	WP All Import < 3.6.3 - Admin+ Stored Cross-Site Scripting — Import any XML or CSV File to WordPressCWE-79	4.8	-	2021-12-06
CVE-2015-20106	ClickBank Affiliate Ads <= 1.20 - Admin+ Stored Cross-Site Scripting — ClickBank Affiliate AdsCWE-79	4.8	-	2021-12-02
CVE-2015-20105	ClickBank Affiliate Ads <= 1.20 - CSRF to Stored Cross-Site Scripting — ClickBank Affiliate AdsCWE-79	6.1	-	2021-12-02
CVE-2020-35037	Events Manager < 5.9.8 - Cross-Site Scripting (XSS) — Events ManagerCWE-79	6.1	-	2021-12-01
CVE-2020-35012	Events Manager < 5.9.8 - Admin+ SQL Injection — Events ManagerCWE-89	7.2	-	2021-12-01
CVE-2021-24927	My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting — My CalendarCWE-79	5.4	-	2021-11-29
CVE-2021-24918	Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS — Smash Balloon Social Post FeedCWE-79	5.4	-	2021-11-29
CVE-2021-24915	Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure — Contest Gallery – Photo Contest Plugin for WordPressCWE-89	9.1	-	2021-11-29
CVE-2021-24908	Check & Log Email < 1.0.4 - Reflected Cross-Site Scripting — Check & Log EmailCWE-79	6.1	-	2021-11-29
CVE-2021-24899	Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting — Media TagsCWE-79	4.8	-	2021-11-29
CVE-2021-24889	Ninja Forms < 3.6.4 - Admin+ SQL Injection — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-89	7.2	-	2021-11-29
CVE-2021-24883	Popup Anything < 2.0.4 - Contributor+ Stored Cross-Site Scripting — Popup Anything – A Marketing PopupCWE-79	5.4	-	2021-11-29
CVE-2021-24876	Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting — Registrations for the Events Calendar – Event Registration PluginCWE-79	6.1	-	2021-11-29
CVE-2021-24860	BSK PDF Manager < 3.1.2 - Admin+ SQL Injection — BSK PDF ManagerCWE-89	7.2	-	2021-11-29
CVE-2021-24842	Bulk Datetime Change < 1.12 - Missing Authorisation — Bulk Datetime ChangeCWE-862	5.4	-	2021-11-29
CVE-2021-24822	Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS — Stylish Cost CalculatorCWE-79	5.4	-	2021-11-29
CVE-2021-24811	Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting — Shop Page WPCWE-79	4.8	-	2021-11-29
CVE-2021-24768	WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting — WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and MoreCWE-79	4.8	-	2021-11-29
CVE-2021-24755	myCred < 2.3 - Subscriber+ SQL Injection — myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty PluginCWE-89	8.8	-	2021-11-29
CVE-2021-24751	GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting — GenerateBlocksCWE-79	5.4	-	2021-11-29
CVE-2021-24749	URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF — URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPressCWE-352	6.5	-	2021-11-29
CVE-2021-24748	Email Before Download < 6.8 - Admin+ SQL Injection — Email Before DownloadCWE-89	8.8	-	2021-11-29
CVE-2021-24745	About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting — About Author BoxCWE-79	5.4	-	2021-11-29
CVE-2017-20008	myCRED < 1.7.8 - Reflected Cross-Site Scripting — myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty PluginCWE-79	6.1	-	2021-11-29
CVE-2021-24894	Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS — Reviews PlusCWE-191	6.5	-	2021-11-23
CVE-2021-24891	Elementor < 3.4.8 - DOM Cross-Site-Scripting — Elementor Website BuilderCWE-79	6.1	-	2021-11-23

This page lists every published CVE security advisory associated with UNKNOWN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

UNKNOWN — Vulnerabilities & Security Advisories 4143