Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

UNKNOWN — Vulnerabilities & Security Advisories 4169

Browse all 4169 CVE security advisories affecting UNKNOWN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by UNKNOWN: Contest Gallery Download Manager Modern Events Calendar Lite Tutor LMS – eLearning and online course solution EventON wp-eMember AI ChatBot Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Logo Slider Elementor Website Builder Welcart e-Commerce Form Maker by 10Web wp-cart-for-digital-products Booster for WooCommerce wp-affiliate-platform Photo Gallery by 10Web Autoptimize Yi Technology Salon booking system MapPress Maps for WordPress WPQA Builder Popup box VikBooking Hotel Booking Engine & PMS WP MultiTasking EventPrime Frontend File Manager Plugin Simple Download Monitor Photo Gallery by 10Web – Mobile-Friendly Image Gallery Easy Forms for Mailchimp Newsletter Popup
CVE IDTitleCVSSSeverityPublished
CVE-2022-4097 All In One WP Security & Firewall < 5.0.8 - IP Spoofing — All-In-One Security (AIOS) 4.3 -2022-12-12
CVE-2022-3882 WP Memory < 2.46 - Subscriber+ Arbitrary Plugin Installation — Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin 6.5 -2022-12-12
CVE-2022-3908 Helloprint < 1.4.7 - Reflected Cross-Site Scripting — Plug your WooCommerce into the largest catalog of customized print products from Helloprint 6.1 -2022-12-12
CVE-2022-3359 Shortcodes and extra features for Phlox theme < 2.10.7 - PHP Objection Injection — Shortcodes and extra features for Phlox theme 8.8 -2022-12-12
CVE-2022-3846 Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR — Workreap 5.3 -2022-12-05
CVE-2022-3858 Chaty < 3.0.3 - Admin+ SQLi — Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button 8.8 -2022-12-05
CVE-2022-3907 Clerk < 4.0.0 - Authentication Bypass and API Keys Disclosure — Clerk 7.5 -2022-12-05
CVE-2022-3838 WPUpper Share Buttons <= 3.42 - Admin+ Stored XSS — WPUpper Share Buttons 4.8 -2022-12-05
CVE-2022-1540 PostmagThemes Demo <= 1.0.7 - Admin+ Arbitrary File Upload — PostmagThemes Demo Import 7.2 -2022-12-05
CVE-2022-3249 WP CSV Exporter < 1.3.7 - Admin+ SQLi — WP CSV Exporter 7.2 -2022-12-05
CVE-2022-3926 WP OAuth Server < 3.4.2 - Client Secret Regeneration via CSRF — WP OAuth Server (OAuth Authentication) 6.5 -2022-12-05
CVE-2022-3426 Advanced WP Columns <= 2.0.6 - Admin+ Stored Cross-Site Scripting — Advanced WP Columns 4.8 -2022-12-05
CVE-2022-3830 WP Page Builder <= 1.2.8 - Admin+ Stored Cross-Site — WP Page Builder 4.8 -2022-12-05
CVE-2022-3892 WP OAuth Server < 4.2.2 - Admin+ Stored XSS — WP OAuth Server (OAuth Authentication) 4.8 -2022-12-05
CVE-2022-3677 Advanced Import < 1.3.8 - Arbitrary Plugin Installation & Activation via CSRF — Advanced Import : One Click Import for WordPress or Theme Demo Data 6.5 -2022-12-05
CVE-2022-3837 Uji Countdown < 2.3.1 - Admin+ Stored XSS — Uji Countdown 4.8 -2022-12-05
CVE-2022-3909 Add Comments <= 1.0.1 - Admin+ Stored XSS — Add Comments 4.8 -2022-12-05
CVE-2022-3694 Syncee - Global Dropshipping < 1.0.10 - Authentication Token Disclosure — Syncee 9.1 -2022-12-05
CVE-2022-3856 Comic Book Management System < 2.2.0 - Admin+ SQLi — Comic Book Management System 8.8 -2022-12-05
CVE-2022-3847 Showing URL in QR Code <= 0.0.1 - Stored XSS via CSRF — Showing URL in QR Code 4.7 -2022-11-28
CVE-2022-3865 WP User Merger < 1.5.3 - Admin+ SQLi via ID — WP User Merger 8.8 -2022-11-28
CVE-2022-3823 Beautiful Cookie Consent Banner < 2.9.1 - Admin+ Stored XSS — Beautiful Cookie Consent Banner 4.8 -2022-11-28
CVE-2022-3511 Awesome Support < 6.1.2 - Subscriber+ Arbitrary Exported Tickets Download — Awesome Support 6.5 -2022-11-28
CVE-2022-3839 Analytics for WP <= 1.5.1 - Admin+ Stored XSS — Analytics for WP 4.8 -2022-11-28
CVE-2022-3603 Export customers list CSV for WooCommerce < 2.0.69 - CSV Injection — Export customers list csv for WooCommerce, WordPress users csv, export Guest customer list 9.8 -2022-11-28
CVE-2022-3834 Google Forms <= 0.95 - Admin+ Stored XSS — Google Forms 4.8 -2022-11-28
CVE-2022-3822 Donations via PayPal < 1.9.9 - Admin+ Stored XSS — Donations via PayPal 4.8 -2022-11-28
CVE-2022-3848 WP User Merger < 1.5.3 - Admin+ SQLi via wpsu_user_id — WP User Merger 8.8 -2022-11-28
CVE-2022-3833 Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS — Fancier Author Box by ThematoSoup 4.8 -2022-11-28
CVE-2022-3824 WP Admin UI Customize < 1.5.13 - Admin+ Stored XSS — WP Admin UI Customize 4.8 -2022-11-28

This page lists every published CVE security advisory associated with UNKNOWN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.