Unknown — Vulnerabilities & Security Advisories 4143

Browse all 4143 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE ID	Title	CVSS	Severity	Published
CVE-2022-0674	Kunze Law < 2.1 - Admin+ Stored Cross-Site Scripting — Kunze LawCWE-79	4.8	-	2022-03-14
CVE-2022-0659	Sync iCloud COS < 2.0.1 - Admin+ Stored Cross-Site Scripting — Sync QCloud COSCWE-79	4.8	-	2022-03-14
CVE-2022-0658	CommonsBooking < 2.6.8 - Unauthenticated SQL Injection — CommonsBookingCWE-89	9.8	-	2022-03-14
CVE-2022-0648	Team Circle Image Slider With Lightbox < 1.0.16 - Reflected Cross-Site Scripting — Team Circle Image Slider With LightboxCWE-79	6.1	-	2022-03-14
CVE-2022-0601	Countdown & Clock < 2.2.9 - Reflected Cross-Site Scripting — Countdown, Coming Soon, Maintenance – Countdown & ClockCWE-79	6.1	-	2022-03-14
CVE-2022-0593	Login with phone number < 1.3.7 - Unauthenticated remote plugin deletion — Login with phone numberCWE-73	8.2	-	2022-03-14
CVE-2022-0503	Multisite Content Copier/Updater < 2.1.2 - Reflected Cross-Site Scripting — WordPress Multisite Content Copier/UpdaterCWE-79	6.1	-	2022-03-14
CVE-2022-0478	Event Manager for WooCommerce < 3.5.8 - Contributor+ SQL Injection — Event Manager and Tickets Selling Plugin for WooCommerceCWE-89	8.8	-	2022-03-14
CVE-2022-0449	Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting — Flexi – Guest SubmitCWE-79	6.1	-	2022-03-14
CVE-2022-0399	Advanced Product Labels for WooCommerce < 1.2.3.7 - Reflected Cross-Site Scripting — Advanced Product Labels for WooCommerceCWE-79	6.1	-	2022-03-14
CVE-2022-0327	Master Addons for Elementor < 1.8.2 - Reflected Cross-Site Scripting — Master Addons for ElementorCWE-79	6.1	-	2022-03-14
CVE-2022-0321	WP Voting Contest < 3.0 - Reflected Cross-Site Scripting — WP Voting ContestCWE-79	6.1	-	2022-03-14
CVE-2022-0254	Zero Spam < 5.2.11 - Admin+ SQL Injection — WordPress Zero SpamCWE-89	7.2	-	2022-03-14
CVE-2022-0248	Contact Form Submissions < 1.7.3 - Unauthenticated Stored XSS — Contact Form SubmissionsCWE-79	6.1	-	2022-03-14
CVE-2022-0230	Better WordPress Google XML Sitemaps <= 1.4.1 - Unauthenticated Stored Cross-Site Scripting — Better WordPress Google XML Sitemaps (support Sitemap Index, Multi-site and Google News)CWE-79	6.1	-	2022-03-14
CVE-2022-0169	Photo Gallery by 10Web < 1.6.0 - Unauthenticated SQL Injection — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-89	9.8	-	2022-03-14
CVE-2022-0165	Page Builder KingComposer <= 2.9.6 - Open Redirect — Page Builder: KingComposer – Free Drag and Drop page builder by King-ThemeCWE-601	6.1	-	2022-03-14
CVE-2022-0161	ARI Fancy Lightbox < 1.3.9 - Reflected Cross-Site Scripting — ARI Fancy Lightbox – WordPress PopupCWE-79	6.1	-	2022-03-14
CVE-2022-0147	Cookie Information < 2.0.8 - Reflected Cross-Site Scripting — Cookie Information \| Free GDPR Consent SolutionCWE-79	6.1	-	2022-03-14
CVE-2021-25026	Patreon WordPress < 1.8.2 - Admin+ Stored Cross-Site Scripting — Patreon WordPressCWE-79	4.8	-	2022-03-14
CVE-2021-25007	MOLIE <= 0.5 - Authenticated SQL Injection — MOLIE – Instructure Canvas Linking toolCWE-89	7.2	-	2022-03-14
CVE-2021-25006	MOLIE <= 0.5 - Reflected Cross-Site Scripting — MOLIE – Instructure Canvas Linking toolCWE-79	6.1	-	2022-03-14
CVE-2021-25003	WPCargo < 6.9.0 - Unauthenticated RCE — WPCargo Track & TraceCWE-94	9.8	-	2022-03-14
CVE-2021-24996	IDPay for Contact Form 7 <= 2.1.2 - Reflected Cross-Site Scripting — IDPay for Contact Form 7CWE-79	6.1	-	2022-03-14
CVE-2021-24995	HTML5 Responsive FAQ <= 2.8.5 - Admin+ Stored Cross-Site Scripting — HTML5 Responsive FAQCWE-79	4.8	-	2022-03-14
CVE-2021-24982	Child Theme Generator <= 2.2.7 - Reflected Cross-Site Scripting — Child Theme GeneratorCWE-79	5.4	-	2022-03-14
CVE-2021-24966	Error Log Viewer Plugin <= 1.1.1 - Admin+ Arbitrary File Clearing — Error Log Viewer by BestWebSoftCWE-73	4.9	-	2022-03-14
CVE-2021-24959	WP Email Users <= 1.7.6 - Subscriber+ SQL Injection — WP Email UsersCWE-89	8.8	-	2022-03-14
CVE-2021-24958	Meks Easy Photo Feed Widget < 1.2.4 - Subscriber+ Settings Update to Stored XSS — Meks Easy Photo Feed WidgetCWE-79	5.4	-	2022-03-14
CVE-2021-24950	Insight Core <= 1.0 - Subscriber+ PHP Object Injection & Stored XSS — Insight CoreCWE-862	6.3	-	2022-03-14

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Unknown — Vulnerabilities & Security Advisories 4143