Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Unknown — Vulnerabilities & Security Advisories 4148

Browse all 4148 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by Unknown: Contest Gallery Download Manager EventON Tutor LMS – eLearning and online course solution Modern Events Calendar Lite AI ChatBot wp-eMember Logo Slider Welcart e-Commerce Elementor Website Builder Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Photo Gallery by 10Web Booster for WooCommerce Autoptimize Form Maker by 10Web wp-affiliate-platform wp-cart-for-digital-products Yi Technology WPQA Builder Simple Download Monitor Salon booking system MapPress Maps for WordPress Photo Gallery by 10Web – Mobile-Friendly Image Gallery Frontend File Manager Plugin Popup box EventPrime VikBooking Hotel Booking Engine & PMS WP MultiTasking GiveWP – Donation Plugin and Fundraising Platform Ditty
CVE IDTitleCVSSSeverityPublished
CVE-2022-1435 WPCargo Track & Trace < 6.9.5 - Admin+ Stored Cross Site Scripting — WPCargo Track & TraceCWE-79 4.8 -2022-05-16
CVE-2022-1425 WPQA < 5.2 - Subscriber+ Private Message Disclosure via IDOR — WPQA Builder PluginCWE-639 6.5 -2022-05-16
CVE-2022-1418 Social Stickers <= 2.2.9 - Stored Cross-Site Scripting via CSRF — Social StickersCWE-79 6.1 -2022-05-16
CVE-2022-1409 VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ PHP File Upload — VikBooking Hotel Booking Engine & PMSCWE-434 7.2 -2022-05-16
CVE-2022-1408 VikBooking Hotel Booking Engine & PMS < 1.5.8 - Admin+ Stored Cross-Site Scripting — VikBooking Hotel Booking Engine & PMSCWE-79 4.8 -2022-05-16
CVE-2022-1407 VikBooking Hotel Booking Engine & PMS < 1.5.7 - Stored Cross-Site Scripting via CSRF — VikBooking Hotel Booking Engine & PMSCWE-352 6.5 -2022-05-16
CVE-2022-1398 External Media without Import <= 1.1.2 - Subscriber+ Blind SSRF — External Media without ImportCWE-918 6.5 -2022-05-16
CVE-2022-1393 WP Subtitle < 3.4.1 - Contributor+ Stored Cross-Site Scripting — WP SubtitleCWE-79 5.4 -2022-05-16
CVE-2022-1386 Fusion Builder < 3.6.2 - Unauthenticated SSRF — Fusion BuilderCWE-918 9.1 -2022-05-16
CVE-2022-1349 WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR — WPQA Builder PluginCWE-287 6.5 -2022-05-16
CVE-2022-1334 WP YouTube Live < 1.8.3 - Admin+ Stored Cross Site Scripting — WP YouTube LiveCWE-79 4.8 -2022-05-16
CVE-2022-1267 BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting — BMI BMR CalculatorCWE-79 6.1 -2022-05-16
CVE-2022-1265 BulletProof Security < 6.1 - Admin+ Stored Cross-Site Scripting — BulletProof SecurityCWE-79 4.8 -2022-05-16
CVE-2022-1217 Custom TinyMCE Shortcode Button <= 1.1 - Reflected Cross-Site Scripting — Custom TinyMCE Shortcode ButtonCWE-79 6.1 -2022-05-16
CVE-2022-1216 Advanced Image Sitemap <= 1.2 - Reflected Cross-Site Scripting — Advanced Image SitemapCWE-79 6.1 -2022-05-16
CVE-2022-1182 Visual Slide Box Builder <= 3.2.9 - Subscriber+ SQLi — Visual Slide Box BuilderCWE-89 8.8 -2022-05-16
CVE-2022-1103 Advanced Uploader <= 4.2 - Subscriber+ Arbitrary File Upload — Advanced uploaderCWE-434 8.8 -2022-05-16
CVE-2022-1089 Bulk Edit and Create User Profiles < 1.5.14 - Admin+ Stored Cross-Site Scripting — Bulk Edit and Create User Profiles – WP Sheet EditorCWE-79 4.8 -2022-05-16
CVE-2022-1062 th23 Social <= 1.2.0 - Admin+ Stored Cross-Site Scripting — th23 SocialCWE-79 4.8 -2022-05-16
CVE-2022-1051 WPQA < 5.2 - Subscriber+ Stored Cross-Site Scripting via Profile fields — WPQA Builder PluginCWE-79 5.4 -2022-05-16
CVE-2022-0873 Gmedia Photo Gallery < 1.20.0 - Admin+ Stored Cross-Site Scripting — Gmedia Photo GalleryCWE-79 4.8 -2022-05-16
CVE-2022-0867 ARPrice Lite < 3.6.1 - Unauthenticated SQLi — Pricing Table PluginCWE-89 9.8 -2022-05-16
CVE-2021-25119 AGIL <= 1.0 - Admin+ Arbitrary File Upload — AGIL(Automatic Grid Image Listing)CWE-434 7.2 -2022-05-16
CVE-2022-1338 Easily Generate Rest API Url <= 1.0.0 - Admin+ Stored Cross-Site Scripting — Easily Generate Rest API UrlCWE-79 4.8 -2022-05-09
CVE-2022-1303 Slide Anything < 2.3.44 - Editor+ Stored Cross-Site Scripting — Slide Anything – Responsive Content / HTML Slider and CarouselCWE-79 4.8 -2022-05-09
CVE-2022-1171 Vertical scroll recent post < 14.0 - Reflected Cross-Site Scripting — Vertical scroll recent postCWE-79 6.1 -2022-05-09
CVE-2022-1104 Popup Maker < 1.16.5 - Admin+ Stored Cross-Site Scripting — Popup Maker – Popup for opt-ins, lead gen, & moreCWE-79 4.8 -2022-05-09
CVE-2022-1047 Themify - Post Type Builder Search Addon < 1.4.0 - Reflected Cross-Site Scripting — themify-ptb-searchCWE-79 6.1 -2022-05-09
CVE-2022-1013 Personal Dictionary < 1.3.4 - Unauthenticated SQLi — Personal DictionaryCWE-89 9.8 -2022-05-09
CVE-2022-0948 Order Listener for WooCommerce < 3.2.2 - Unauthenticated SQLi — Order Listener for WooCommerce – Play Sounds Instantly on New OrdersCWE-89 9.8 -2022-05-09

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.