Unknown — Vulnerabilities & Security Advisories 4143

Browse all 4143 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-24940	Persian Woocommerce <= 5.8.0 - Reflected Cross-Site Scripting — ووکامرس فارسیCWE-79	6.1	-	2022-03-14
CVE-2021-24897	Add Subtitle <= 1.1.0 - Contributor+ Stored Cross-Site Scripting — Add SubtitleCWE-79	5.4	-	2022-03-14
CVE-2021-24895	Cybersoldier < 1.7.0 - Admin+ Stored Cross-Site Scripting — CybersoldierCWE-79	4.8	-	2022-03-14
CVE-2021-24692	Simple Download Monitor < 3.9.5 - Contributor+ Arbitrary File Download via Path Traversal — Simple Download MonitorCWE-22	6.5	-	2022-03-14
CVE-2022-0535	E2Pdf < 1.16.45 - Admin+ Stored Cross-Site Scripting (XSS) — E2Pdf – Export To Pdf Tool for WordPressCWE-79	4.8	-	2022-03-07
CVE-2022-0533	Ditty (formerly Ditty News Ticker) < 3.0.15 - Reflected Cross-Site Scripting (XSS) — Ditty (formerly Ditty News Ticker)CWE-79	6.1	-	2022-03-07
CVE-2022-0448	CP Blocks < 1.0.15 - Admin+ Stored Cross-Site Scripting — CP BlocksCWE-79	4.8	-	2022-03-07
CVE-2022-0445	WordPress Real Cookie Banner < 2.14.2 - Settings Reset via CSRF — WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie ConsentCWE-352	6.5	-	2022-03-07
CVE-2022-0442	UsersWP < 1.2.3.1 - Subscriber+ User Avatar Override — UsersWP – User Registration & User ProfileCWE-639	4.3	-	2022-03-07
CVE-2022-0441	MasterStudy LMS < 2.7.6 - Unauthenticated Admin Account Creation — MasterStudy LMS – WordPress LMS PluginCWE-269	9.8	-	2022-03-07
CVE-2022-0440	Catch Themes Demo Import < 2.1.1 - Admin+ Remote Code Execution — Catch Themes Demo ImportCWE-434	7.2	-	2022-03-07
CVE-2022-0439	Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection — Email Subscribers & Newsletters	8.0	-	2022-03-07
CVE-2022-0434	Page Views Count < 2.4.15 - Unauthenticated SQL Injection — Page View CountCWE-89	9.8	-	2022-03-07
CVE-2022-0429	WP Cerber Security, Anti-spam & Malware Scan < 8.9.6 - Unauthenticated Stored Cross-Site Scripting — WP Cerber Security, Anti-spam & Malware ScanCWE-79	6.1	-	2022-03-07
CVE-2022-0426	Product Feed PRO for WooCommerce < 11.2.3 - Reflected Cross-Site Scripting — Product Feed PRO for WooCommerceCWE-79	5.4	-	2022-03-07
CVE-2022-0422	White Label MS < 2.2.9 - Reflected Cross-Site Scripting — White Label CMSCWE-79	6.1	-	2022-03-07
CVE-2022-0420	RegistrationMagic < 5.0.2.2 - Admin+ SQL Injection — RegistrationMagic – Custom Registration Forms, User Registration and User Login PluginCWE-89	7.2	-	2022-03-07
CVE-2022-0410	WP Visitor Statistics (Real Time Traffic) < 5.6 - Subscriber+ SQL Injection — WP Visitor Statistics (Real Time Traffic)CWE-89	8.8	-	2022-03-07
CVE-2022-0389	WP Time Slots Booking Form < 1.1.63 - Admin+ Stored Cross-Site Scripting — WP Time Slots Booking FormCWE-79	4.8	-	2022-03-07
CVE-2022-0384	Video Conferencing with Zoom < 3.8.17 - E-mail Address Disclosure — Video Conferencing with ZoomCWE-200	4.3	-	2022-03-07
CVE-2022-0349	NotificationX < 2.3.9 - Unauthenticated Blind SQL Injection — NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With ElementorCWE-89	9.8	-	2022-03-07
CVE-2022-0347	LoginPress < 1.5.12 - Reflected Cross-Site Scripting — LoginPress \| Custom Login Page CustomizerCWE-79	6.1	-	2022-03-07
CVE-2022-0267	AdRotate < 5.8.22 - Admin+ SQL Injection — AdRotate – Ad manager & AdSense AdsCWE-89	7.2	-	2022-03-07
CVE-2022-0205	YOP Poll < 6.3.5 - Author+ Stored Cross-Site Scripting — YOP PollCWE-79	5.4	-	2022-03-07
CVE-2022-0163	Smart Forms < 2.6.71 - Subscriber+ Form Data Download — Smart Forms – when you need more than just a contact formCWE-862	6.5	-	2022-03-07
CVE-2021-25098	Easy Pricing Tables < 3.1.3 - Arbitrary Post Removal via CSRF — Pricing Tables WordPress Plugin – Easy Pricing TablesCWE-352	6.5	-	2022-03-07
CVE-2021-25087	Wordpress Download Manager < 3.2.25 - Sensitive Information Disclosure — Download ManagerCWE-862	7.5	-	2022-03-07
CVE-2021-25039	Multisite Content Copier/Updater < 2.1.0 - Reflected Cross-Site Scripting — WordPress Multisite Content Copier/UpdaterCWE-79	6.1	-	2022-03-07
CVE-2021-25038	Multisite User Sync/Unsync < 2.1.2 - Reflected Cross-Site Scripting — WordPress Multisite User Sync/UnsyncCWE-79	6.1	-	2022-03-07
CVE-2021-25009	CorreosExpress <= 2.6.0 - Sensitive Information Disclosure — CorreosExpress – Shipping Management – TagsCWE-532	5.3	-	2022-03-07

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Unknown — Vulnerabilities & Security Advisories 4143