Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

UNKNOWN — Vulnerabilities & Security Advisories 4152

Browse all 4152 CVE security advisories affecting UNKNOWN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by UNKNOWN: Contest Gallery Download Manager EventON Tutor LMS – eLearning and online course solution Modern Events Calendar Lite AI ChatBot wp-eMember Logo Slider Welcart e-Commerce Elementor Website Builder Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Photo Gallery by 10Web Booster for WooCommerce Autoptimize Form Maker by 10Web wp-affiliate-platform wp-cart-for-digital-products Yi Technology VikBooking Hotel Booking Engine & PMS Popup box Frontend File Manager Plugin WP MultiTasking Salon booking system Simple Download Monitor Photo Gallery by 10Web – Mobile-Friendly Image Gallery WPQA Builder MapPress Maps for WordPress EventPrime Blog2Social: Social Media Auto Post & Scheduler Ditty
CVE IDTitleCVSSSeverityPublished
CVE-2022-4625 Login Logout Menu < 1.4.0 - Contributor+ Stored XSS in Shortcode — Login Logout Menu 5.4 -2023-01-23
CVE-2022-4832 Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode — Store Locator WordPress 5.4 -2023-01-23
CVE-2022-2658 WP Spell Check < 9.13 - Admin+ Stored Cross-Site Scripting — WP Spell Check 4.8 -2023-01-16
CVE-2022-4299 Metricool < 1.18 - Admin+ Stored XSS — Metricool 4.8 -2023-01-16
CVE-2022-4309 Subscribe2 < 10.38 - User Deletion via CSRF — Subscribe2 5.3 -2023-01-16
CVE-2022-4431 WOOCS < 1.3.9.4 - Contributor+ Stored XSS — WOOCS 5.4 -2023-01-16
CVE-2022-4295 Show All Comments < 7.0.1 - Reflected XSS — Show All Comments 6.1 -2023-01-16
CVE-2022-4578 Video Conferencing with Zoom < 4.0.10 - Contributor+ Stored XSS — Video Conferencing with Zoom 5.4 -2023-01-16
CVE-2022-4484 Super Socializer < 7.13.44 - Contributor+ Stored XSS — Social Share, Social Login and Social Comments Plugin 5.4 -2023-01-16
CVE-2022-4447 Fontsy <= 1.8.6 - Multiple Unauthenticated SQLi — Fontsy 9.8 -2023-01-16
CVE-2022-4451 Sassy Social Share < 3.3.45 - Contributor+ Stored XSS — Social Sharing Plugin 5.4 -2023-01-16
CVE-2022-4060 User Post Gallery <= 2.19 - Unauthenticated RCE — User Post Gallery 9.8 -2023-01-16
CVE-2022-4544 MashShare < 3.8.7 - Contributor+ Stored XSS — Social Media Share Buttons | MashShare 5.4 -2023-01-16
CVE-2022-4483 Insert Pages < 3.7.5 - Contributor+ Stored XSS — Insert Pages 5.4 -2023-01-16
CVE-2022-4460 Sidebar Widgets by CodeLights <= 1.4 - Contributor+ Stored XSS — Sidebar Widgets by CodeLights 5.4 -2023-01-16
CVE-2022-4476 Download Manager < 3.2.62 - Contributor+ Stored XSS — Download Manager 5.4 -2023-01-16
CVE-2022-4477 Smash Balloon Social Post Feed < 4.1.6 - Contributor+ Stored XSS — Smash Balloon Social Post Feed 5.4 -2023-01-16
CVE-2022-4508 ConvertKit < 2.0.5 - Contributor+ Stored XSS — ConvertKit 5.4 -2023-01-16
CVE-2022-4482 Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS — Carousel, Slider, Gallery by WP Carousel 5.4 -2023-01-16
CVE-2022-4549 Tickera < 3.5.1.0 - Plugin Data Deletion via CSRF — Tickera 4.3 -2023-01-16
CVE-2022-4478 Font Awesome < 4.3.2 - Contributor+ Stored XSS — Font Awesome 5.4 -2023-01-16
CVE-2022-4481 Mesmerize Companion < 1.6.135 - Contributor+ Stored XSS — Mesmerize Companion 5.4 -2023-01-16
CVE-2022-4655 Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode — Welcart e-Commerce 5.4 -2023-01-16
CVE-2022-4507 Real Cookie Banner < 3.4.10 - Contributor+ Stored XSS — Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent 5.4 -2023-01-16
CVE-2022-4320 WordPress Events Calendar Plugin < 1.4.5 - Multiple Reflected XSS — WordPress Events Calendar Plugin 6.1 -2023-01-16
CVE-2022-4442 WCK < 2.3.3 - Admin+ Stored XSS — Custom Post Types and Custom Fields creator 4.8 -2023-01-16
CVE-2022-4658 RSSImport <= 4.6.1 - Contributor+ Stored XSS via Shortcode — RSSImport 5.4 -2023-01-16
CVE-2022-4571 Seriously Simple Podcasting < 2.19.1 - Contributor+ Stored XSS — Seriously Simple Podcasting 5.4 -2023-01-16
CVE-2022-4199 Link Library < 7.4.1 - Admin+ Stored XSS — Link Library 4.8 -2023-01-16
CVE-2022-4101 Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion — Images Optimize and Upload CF7 9.1 -2023-01-16

This page lists every published CVE security advisory associated with UNKNOWN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.