Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

UNKNOWN — Vulnerabilities & Security Advisories 4162

Browse all 4162 CVE security advisories affecting UNKNOWN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by UNKNOWN: Contest Gallery Download Manager Tutor LMS – eLearning and online course solution Modern Events Calendar Lite EventON AI ChatBot wp-eMember Elementor Website Builder Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Logo Slider Welcart e-Commerce Photo Gallery by 10Web Autoptimize Booster for WooCommerce wp-cart-for-digital-products wp-affiliate-platform Form Maker by 10Web Yi Technology EventPrime Frontend File Manager Plugin Popup box MapPress Maps for WordPress Salon booking system WPQA Builder Photo Gallery by 10Web – Mobile-Friendly Image Gallery VikBooking Hotel Booking Engine & PMS WP MultiTasking Simple Download Monitor Easy Forms for Mailchimp GiveWP – Donation Plugin and Fundraising Platform
CVE IDTitleCVSSSeverityPublished
CVE-2022-2987 Ldap WP Login / Active Directory Integration < 3.0.2 - Unauthenticated Settings Update to Auth Bypass — Ldap WP Login / Active Directory IntegrationCWE-862 5.3 -2022-09-26
CVE-2022-2926 Download Manager < 3.2.55 - Admin+ Arbitrary File/Folder Access via Path Traversal — Download ManagerCWE-22 4.9 -2022-09-26
CVE-2022-2405 WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion — WP Popup Builder – Popup Forms , Marketing PoPuP & NewsletterCWE-862 4.3 -2022-09-26
CVE-2022-2903 NinjaForms < 3.6.13 - Admin+ PHP Objection Injection — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-502 7.2 -2022-09-26
CVE-2022-2404 WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting — WP Popup Builder – Popup Forms , Marketing PoPuP & NewsletterCWE-79 6.1 -2022-09-26
CVE-2022-2352 Post SMTP < 2.1.7 - Admin+ Blind SSRF — Post SMTP Mailer/Email LogCWE-918 7.2 -2022-09-26
CVE-2022-1755 SVG Support < 2.5 - Author+ Stored Cross-Site Scripting — SVG SupportCWE-79 5.4 -2022-09-26
CVE-2022-1613 Restricted Site Access < 7.3.2 - Access Bypass via IP Spoofing — Restricted Site AccessCWE-639 5.3 -2022-09-26
CVE-2021-24890 Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload — scripts-organizerCWE-862 8.8 -2022-09-26
CVE-2022-3024 Simple Bitcoin Faucets <= 1.7.0 - Unauthorised AJAX Call to Stored XSS — Bitcoin Satoshi Tools : Faucets, Visitor Rewarder, Satoshi Games, Referral ProgramCWE-863 7.6 -2022-09-26
CVE-2022-3021 Slickr Flickr <= 2.8.1 - Admin+ Stored Cross-Site Scripting — Slickr FlickrCWE-79 4.8 -2022-09-19
CVE-2022-3036 Gettext override translations < 2.0.0 - Admin+ Stored Cross-Site Scripting — Gettext override translationsCWE-79 4.8 -2022-09-19
CVE-2022-2958 BadgeOS < 3.7.1.3 - Subscriber+ SQLi — BadgeOSCWE-89 8.8 -2022-09-19
CVE-2022-2754 Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi — Ketchup Restaurant ReservationsCWE-89 9.8 -2022-09-19
CVE-2022-2753 Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS — Ketchup Restaurant ReservationsCWE-79 6.1 -2022-09-19
CVE-2022-2710 Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting — Scroll To TopCWE-79 4.8 -2022-09-19
CVE-2022-2709 Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting — Float to Top ButtonCWE-79 4.8 -2022-09-19
CVE-2022-2567 Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting — Form Builder CPCWE-79 4.8 -2022-09-19
CVE-2022-1591 WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF — WordPress Ping OptimizerCWE-352 4.3 -2022-09-19
CVE-2022-1580 Site Offline < 1.5.3 - Access Bypass — Site Offline Or Coming Soon Or Maintenance ModeCWE-639 4.3 -2022-09-19
CVE-2022-2840 Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi — Zephyr Project ManagerCWE-89 9.8 -2022-09-19
CVE-2022-3141 Translatepress Multilinugal < 2.3.3 - Admin+ SQLi — Translate Multilingual sites – TranslatePressCWE-89 8.8 -2022-09-19
CVE-2022-3142 NEX-Forms < 7.9.7 - Authenticated SQLi — NEX-Forms – Ultimate Form Builder – Contact forms and much moreCWE-89 8.8 -2022-09-19
CVE-2022-2913 Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass — Login No Captcha reCAPTCHACWE-639 4.3 -2022-09-16
CVE-2022-2912 Craw Data <= 1.0.0 - Server Side Request Forgery — Craw DataCWE-918 5.3 -2022-09-16
CVE-2022-2877 Titan Anti-spam & Security < 7.3.1 - Protection Bypass due to IP Spoofing — Titan Anti-spam & SecurityCWE-639 5.3 -2022-09-16
CVE-2022-2887 WP Server Health Stats < 1.7.0 - Admin+ Stored Cross-Site Scripting — WP Server Health StatsCWE-79 4.8 -2022-09-16
CVE-2022-2799 Affiliates Manager < 2.9.14 - Admin+ Stored Cross-Site Scripting — Affiliates ManagerCWE-79 4.8 -2022-09-16
CVE-2022-2798 Affiliates Manager < 2.9.14 - Affiliate CSV Injection — Affiliates ManagerCWE-1236 8.0 -2022-09-16
CVE-2022-2737 WP STAGING < 2.9.18 - Admin+ Stored Cross-Site Scripting — WP STAGING – Backup Duplicator & MigrationCWE-79 4.8 -2022-09-16

This page lists every published CVE security advisory associated with UNKNOWN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.