UNKNOWN — Vulnerabilities & Security Advisories 4175

Browse all 4175 CVE security advisories affecting UNKNOWN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE ID	Title	CVSS	Severity	Published
CVE-2022-1894	Popup Builder < 4.1.11 - Admin+ Stored Cross-Site Scripting — Popup Builder – Create highly converting, mobile friendly marketing popups.CWE-79	4.8	-	2022-07-11
CVE-2022-1757	Pagebar < 2.70 - Arbitrary Settings Update via CSRF to Stored XSS — pagebarCWE-352	5.4	-	2022-07-11
CVE-2022-1732	Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF — Rename wp-login.phpCWE-352	6.5	-	2022-07-11
CVE-2022-1626	Sharebar <= 1.4.1 - Arbitrary Settings Update to Stored XSS via CSRF — SharebarCWE-352	4.6	-	2022-07-11
CVE-2022-1599	Admin Management Xtended < 2.4.5 - Post Visibility/Date/Comment Status Update via CSRF — Admin Management XtendedCWE-352	6.5	-	2022-07-11
CVE-2022-1576	WP Maintenance Mode & Coming Soon < 2.4.5 - Subscribed Users Deletion via CSRF — WP Maintenance Mode & Coming SoonCWE-352	6.5	-	2022-07-11
CVE-2022-1546	WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting — WooCommerce – Product ImporterCWE-79	6.1	-	2022-07-11
CVE-2022-1474	WP Event Manager < 3.1.28 - Reflected Cross-Site Scripting — WP Event Manager – Easily Build your Calendar of Events!CWE-79	6.1	-	2022-07-11
CVE-2022-1220	FoxyShop < 4.8.2 - Reflected Cross-Site Scripting — FoxyShopCWE-79	6.1	-	2022-07-11
CVE-2022-1057	Pricing Deals for WooCommerce <= 2.0.2.02 - Unauthenticated SQLi — Pricing Deals for WooCommerceCWE-89	9.8	-	2022-07-11
CVE-2022-2268	WP All Import < 3.6.8 - Admin+ Arbitrary File Upload — Import any XML or CSV File to WordPressCWE-434	7.2	-	2022-07-04
CVE-2022-1967	WP Championship < 9.3 - Multiple CSRF — WP ChampionshipCWE-352	6.5	-	2022-07-04
CVE-2022-1946	Gallery < 2.0.0 - Reflected Cross-Site Scripting — Gallery – Image and Video Gallery with ThumbnailsCWE-79	6.1	-	2022-07-04
CVE-2022-1301	WP Contact Slider < 2.4.7 - Editor+ Stored Cross-Site Scripting — WP Contact SliderCWE-79	4.8	-	2022-07-04
CVE-2022-0250	Redirection for Contact Form 7 < 2.5.0 - Reflected Cross-Site Scripting — Redirection for Contact Form 7CWE-79	6.1	-	2022-07-04
CVE-2021-25066	Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-79	4.8	-	2022-07-04
CVE-2021-25056	Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-79	4.8	-	2022-07-04
CVE-2022-2041	Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element Content — Brizy – Page BuilderCWE-79	5.4	-	2022-06-27
CVE-2022-2040	Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL — Brizy – Page BuilderCWE-79	5.4	-	2022-06-27
CVE-2022-1995	miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting — Malware ScannerCWE-79	4.8	-	2022-06-27
CVE-2022-1994	Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting — Login With OTP Over SMS, Email, WhatsApp and Google AuthenticatorCWE-79	4.8	-	2022-06-27
CVE-2022-1990	Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting — Nested PagesCWE-79	4.8	-	2022-06-27
CVE-2022-1977	WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF — Import Export All WordPress Images, Users & Post TypesCWE-918	6.5	-	2022-06-27
CVE-2022-1971	NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS — NextCellent Gallery – NextGEN LegacyCWE-79	4.8	-	2022-06-27
CVE-2022-1964	Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG — Easy SVG SupportCWE-79	5.4	-	2022-06-27
CVE-2022-1960	MyCSS <= 1.1 - Arbitrary Settings Update via CSRF — MyCSSCWE-352	4.3	-	2022-06-27
CVE-2022-1953	Product Configurator for WooCommerce < 1.2.32 - Unauthenticated Arbitrary File Deletion — Product Configurator for WooCommerceCWE-22	9.1	-	2022-06-27
CVE-2022-1916	Active Products Tables for WooCommerce < 1.0.5 - Reflected Cross-Site-Scripting — Active Products Tables for WooCommerce. Professional products tables for WooCommerce storeCWE-79	6.1	-	2022-06-27
CVE-2022-1914	Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF — Clean-ContactCWE-352	5.4	-	2022-06-27
CVE-2022-1913	Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF — Add Post URLCWE-352	5.4	-	2022-06-27

This page lists every published CVE security advisory associated with UNKNOWN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

UNKNOWN — Vulnerabilities & Security Advisories 4175