Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Unknown — Vulnerabilities & Security Advisories 4148

Browse all 4148 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by Unknown: Contest Gallery Download Manager EventON Tutor LMS – eLearning and online course solution Modern Events Calendar Lite AI ChatBot wp-eMember Logo Slider Welcart e-Commerce Elementor Website Builder Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Photo Gallery by 10Web Booster for WooCommerce Autoptimize Form Maker by 10Web wp-affiliate-platform wp-cart-for-digital-products Yi Technology WPQA Builder Simple Download Monitor Salon booking system MapPress Maps for WordPress Photo Gallery by 10Web – Mobile-Friendly Image Gallery Frontend File Manager Plugin Popup box EventPrime VikBooking Hotel Booking Engine & PMS WP MultiTasking GiveWP – Donation Plugin and Fundraising Platform Ditty
CVE IDTitleCVSSSeverityPublished
CVE-2022-0898 IgniteUp <= 3.4.1 - Admin+ Stored Cross-Site Scripting — IgniteUp – Coming Soon and Maintenance ModeCWE-79 5.4 -2022-05-09
CVE-2022-0874 WP Social Buttons <= 2.1 - Admin+ Stored Cross-Site Scripting — WP Social ButtonsCWE-79 4.8 -2022-05-09
CVE-2022-0836 SEMA API < 4.02 - Unauthenticated SQLi — SEMA APICWE-89 9.8 -2022-05-09
CVE-2022-0826 WP Video Gallery <= 1.7.1 - Unauthenticated SQLi — WP Video GalleryCWE-89 9.8 -2022-05-09
CVE-2022-0817 BadgeOS <= 3.7.0 - Unauthenticated SQLi — BadgeOSCWE-89 9.8 -2022-05-09
CVE-2022-0814 Ubigeo de Peru < 3.6.4 - Unauthenticated SQLi — Ubigeo de Perú para Woocommerce y WordPressCWE-89 9.8 -2022-05-09
CVE-2022-0625 Admin Menu Editor <= 1.0.4 - Reflected Cross-Site Scripting — Admin Menu EditorCWE-79 6.1 -2022-05-09
CVE-2022-0592 MapSVG < 6.2.20 - Unauthenticated SQLi — MapSVGCWE-89 9.8 -2022-05-09
CVE-2022-0424 Popup by Supsystic < 1.10.9 - Unauthenticated Subscriber Email Addresses Disclosure — Popup by SupsysticCWE-306 5.3 -2022-05-09
CVE-2019-25060 WP-GraphQL < 0.3.5 - Improper Access Control — WPGraphQLCWE-284 5.3 -2022-05-09
CVE-2022-1282 Photo Gallery < 1.6.3 - Reflected Cross-Site Scripting — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-79 6.1 -2022-05-02
CVE-2022-1281 Photo Gallery < 1.6.3 - Unauthenticated SQL Injection — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-89 9.8 -2022-05-02
CVE-2022-1273 Import WP < 2.4.6 - Admin+ Arbitrary File Upload to RCE — Import WP – Import and Export WordPress data to XML or CSV filesCWE-434 7.2 -2022-05-02
CVE-2022-1269 Fast Flow < 1.2.12 - Reflected Cross-Site Scripting — Fast FlowCWE-79 6.1 -2022-05-02
CVE-2022-1255 Import and export users and customers < 1.19.2.1 - Admin+ Stored Cross-Site Scripting — Import and export users and customersCWE-79 4.8 -2022-05-02
CVE-2022-1250 LifterLMS PayPal < 1.4.0 - Reflected Cross-Site Scripting — LifterLMS PaypalCWE-79 6.1 -2022-05-02
CVE-2022-1239 HubSpot < 8.8.15 - Contributor+ Blind SSRF — HubSpot – CRM, Email Marketing, Live Chat, Forms & AnalyticsCWE-918 8.1 -2022-05-02
CVE-2022-1046 Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting — Visual Form BuilderCWE-79 4.8 -2022-05-02
CVE-2022-0952 Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update — Sitemap by click5 8.8 -2022-05-02
CVE-2022-0783 Multiple Shipping Address Woocommerce < 2.0 - Unauthenticated SQLi — Multiple Shipping Address WoocommerceCWE-89 9.8 -2022-05-02
CVE-2022-0773 Documentor <= 1.5.3 - Unauthenticated SQLi — Documentor – Create Product DocumentationCWE-89 9.8 -2022-05-02
CVE-2022-0771 SiteSuperCharger < 5.2.0 - Unauthenticated SQLi — SiteSuperChargerCWE-89 9.8 -2022-05-02
CVE-2022-0662 Adrotate < 5.8.23 - Admin+ XSS via Advert Name — AdRotate – Ad manager & AdSense AdsCWE-79 4.8 -2022-05-02
CVE-2022-0649 Adrotate < 5.8.23 - Admin+ XSS via Group Name — AdRotate – Ad manager & AdSense AdsCWE-79 4.8 -2022-05-02
CVE-2022-0428 Content Egg < 5.3.0 - Reflected Cross-Site Scripting — Content EggCWE-79 6.1 -2022-05-02
CVE-2022-0418 Event List < 0.8.8 - Admin+ Stored Cross-Site Scripting — Event ListCWE-79 4.8 -2022-05-02
CVE-2022-0191 Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF — Ad Invalid Click Protector (AICP)CWE-352 4.3 -2022-05-02
CVE-2021-25102 All In One WP Security < 4.4.11 - Authenticated Reflected Cross-Site Scripting — All In One WP Security & FirewallCWE-79 6.1 -2022-05-02
CVE-2021-25086 Advanced Page Visit Counter < 6.1.2 - Unauthenticated Stored Cross-Site Scripting — Advanced Page Visit Counter – Advanced WordPress Visit CounterCWE-79 6.1 -2022-05-02
CVE-2021-25002 Tipsacarrier < 1.5.0.5 - Unauthenticated Orders Disclosure — TipsacarrierCWE-862 7.5 -2022-05-02

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.