Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

UNKNOWN — Vulnerabilities & Security Advisories 4143

Browse all 4143 CVE security advisories affecting UNKNOWN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by UNKNOWN: Contest Gallery Download Manager EventON Tutor LMS – eLearning and online course solution Modern Events Calendar Lite AI ChatBot wp-eMember Logo Slider Welcart e-Commerce Elementor Website Builder Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Photo Gallery by 10Web Booster for WooCommerce Form Maker by 10Web Yi Technology wp-affiliate-platform wp-cart-for-digital-products Autoptimize Simple Download Monitor MapPress Maps for WordPress Salon booking system VikBooking Hotel Booking Engine & PMS WPQA Builder Frontend File Manager Plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery EventPrime Popup box WP MultiTasking wpb-show-core Transposh WordPress Translation
CVE IDTitleCVSSSeverityPublished
CVE-2023-5307 Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers — Photos and Files Contest Gallery 6.1 -2023-10-31
CVE-2023-5243 Login screen manager <= 3.5.2 - Admin+ Stored XSS — Login Screen Manager 4.8 -2023-10-31
CVE-2023-5458 CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG — CITS Support svg, webp Media and TTF,OTF File Upload 5.4 -2023-10-31
CVE-2023-5360 Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload — Royal Elementor Addons and Templates 9.8 -2023-10-31
CVE-2023-5229 E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scriping — E2Pdf 4.8 -2023-10-31
CVE-2023-5798 Assistant < 1.4.4 - Editor+ SSRF — Assistant 8.1 -2023-10-26
CVE-2023-5089 Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page) — Defender Security 6.1 -2023-10-16
CVE-2023-4289 WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode — WP Matterport Shortcode 5.4 -2023-10-16
CVE-2023-4821 Drag and Drop Multiple File Upload < 1.1.1 - Unauthenticated Stored Cross-Site Scripting — Drag and Drop Multiple File Upload for WooCommerce 9.1 -2023-10-16
CVE-2023-4933 WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing — WP Job Openings 7.5 -2023-10-16
CVE-2023-4820 PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS — PowerPress Podcasting plugin by Blubrry 8.9 -2023-10-16
CVE-2023-4861 File Manager Pro < 1.8.1 - Admin+ Remote Code Execution — File Manager Pro 7.2 -2023-10-16
CVE-2023-4725 Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS — Simple Posts Ticker 4.8 -2023-10-16
CVE-2023-4800 DoLogin Security < 3.7.1 - Subscriber+ IP Address leak — DoLogin Security 4.3 -2023-10-16
CVE-2023-5133 User Activity Log Pro < 2.3.4 - IP Spoofing — user-activity-log-pro 7.5 -2023-10-16
CVE-2023-3279 NextGEN Gallery < 3.39 - Admin+ Local File Inclusion — WordPress Gallery Plugin 4.9 -2023-10-16
CVE-2023-4811 WordPress File Upload < 4.23.3 - Author+ Stored Cross-Site Scripting — WordPress File Upload 4.8 -2023-10-16
CVE-2023-3706 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure — ActivityPub 4.3 -2023-10-16
CVE-2023-3746 ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS — ActivityPub 5.4 -2023-10-16
CVE-2023-4646 Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS — Simple Posts Ticker 5.4 -2023-10-16
CVE-2023-5057 ActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS — ActivityPub 5.4 -2023-10-16
CVE-2023-3707 ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure — ActivityPub 6.5 -2023-10-16
CVE-2023-4666 Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload — Form Maker by 10Web 9.8 -2023-10-16
CVE-2023-4798 User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS — User Avatar 5.4 -2023-10-16
CVE-2023-5003 Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure — Active Directory Integration / LDAP Integration 7.5 -2023-10-16
CVE-2023-3155 NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and Delete — WordPress Gallery Plugin 9.8 -2023-10-16
CVE-2023-4805 Tutor LMS < 2.3.0 - Subscriber+ Stored Cross-Site Scripting — Tutor LMS 5.4 -2023-10-16
CVE-2023-3154 NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization — WordPress Gallery Plugin 9.8 -2023-10-16
CVE-2023-4691 Bookly < 22.4 - Admin+ SQLi — WordPress Online Booking and Scheduling Plugin 7.2 -2023-10-16
CVE-2023-4783 Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode — Magee Shortcodes 5.4 -2023-10-16

This page lists every published CVE security advisory associated with UNKNOWN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.