Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Unknown — Vulnerabilities & Security Advisories 4143

Browse all 4143 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by Unknown: Contest Gallery Download Manager EventON Tutor LMS – eLearning and online course solution Modern Events Calendar Lite AI ChatBot wp-eMember Logo Slider Welcart e-Commerce Elementor Website Builder Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Photo Gallery by 10Web Booster for WooCommerce Form Maker by 10Web Yi Technology wp-affiliate-platform wp-cart-for-digital-products Autoptimize Simple Download Monitor MapPress Maps for WordPress Salon booking system VikBooking Hotel Booking Engine & PMS WPQA Builder Frontend File Manager Plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery EventPrime Popup box WP MultiTasking wpb-show-core Transposh WordPress Translation
CVE IDTitleCVSSSeverityPublished
CVE-2021-24961 WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Shortcode — WordPress File UploadCWE-79 5.4 -2022-03-07
CVE-2021-24960 WordPress File Upload < 4.16.3 - Contributor+ Stored Cross-Site Scripting via Malicious SVG — WordPress File UploadCWE-434 5.4 -2022-03-07
CVE-2021-24953 Advanced iFrame < 2022 - Reflected Cross-Site Scripting — Advanced iFrameCWE-79 6.1 -2022-03-07
CVE-2021-24952 Conversios.io < 4.6.2 - Subscriber+ SQL Injection — Conversios.io – Google Analytics and Google Shopping plugin for WooCommerceCWE-89 8.8 -2022-03-07
CVE-2021-24826 Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting — Custom Content ShortcodeCWE-79 5.4 -2022-03-07
CVE-2021-24825 Custom Content Shortcode < 4.0.2 - Authenticated Arbitrary File Access / LFI — Custom Content ShortcodeCWE-345 4.3 -2022-03-07
CVE-2021-24824 Custom Content Shortcode < 4.0.1 - Unauthorised Arbitrary Post Metadata Access — Custom Content ShortcodeCWE-863 4.3 -2022-03-07
CVE-2021-24821 Cost Calculator < 1.6 - Contributor+ Stored Cross-Site Scripting — Cost CalculatorCWE-79 5.4 -2022-03-07
CVE-2021-24810 WP Event Manager < 3.1.23 - Admin+ Stored Cross-Site Scripting — WP Event Manager – Easily Build your Calendar of Events!CWE-79 4.8 -2022-03-07
CVE-2021-24778 Tradetracker-Store < 4.6.60 - Admin+ SQL Injection — Tradetracker-StoreCWE-89 7.2 -2022-03-07
CVE-2021-24777 Hotscot Contact Form < 1.3 - Admin+ SQL Injection — Hotscot Contact FormCWE-89 7.2 -2022-03-07
CVE-2021-24216 All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCE — All-in-One WP MigrationCWE-434 7.2 -2022-03-07
CVE-2022-23912 AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting — Testimonial WordPress Plugin – AP Custom TestimonialCWE-79 6.1 -2022-02-28
CVE-2022-23911 AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection — Testimonial WordPress Plugin – AP Custom TestimonialCWE-89 7.2 -2022-02-28
CVE-2022-0411 Asgaros Forum < 2.0.0 - Subscriber+ Blind SQL Injection — Asgaros ForumCWE-89 8.8 -2022-02-28
CVE-2022-0385 Crazy Bone <= 0.6.0 - Unauthenticated Stored XSS — Crazy BoneCWE-79 6.1 -2022-02-28
CVE-2022-0383 WP Review Slider < 11.0 - Admin+ SQL Injection — WP Review SliderCWE-89 7.2 -2022-02-28
CVE-2022-0377 LearnPress < 4.1.5 - Arbitrary Image Renaming — LearnPress 4.3 -2022-02-28
CVE-2022-0360 WP Ultimate CSV Importer < 6.4.3 - Admin+ Stored Cross-Site Scripting — Easy Drag And drop All Import : WP Ultimate CSV ImporterCWE-79 4.8 -2022-02-28
CVE-2022-0345 Better Notifications for WP < 1.8.7 - Email Address Disclosure — Customize WordPress Emails and Alerts 4.3 -2022-02-28
CVE-2022-0328 Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF — Simple MembershipCWE-352 4.3 -2022-02-28
CVE-2022-0189 WP RSS Aggregator < 4.20 - Reflected Cross-Site Scripting (XSS) — WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and MoreCWE-79 6.1 -2022-02-28
CVE-2022-0150 WP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS) — WP Accessibility Helper (WAH)CWE-79 6.1 -2022-02-28
CVE-2021-4222 WP Paginate < 2.1.4 - Admin+ Stored Cross-Site Scripting — WP-PaginateCWE-79 4.8 -2022-02-28
CVE-2021-25118 Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure — Yoast SEOCWE-200 5.3 -2022-02-28
CVE-2021-25112 WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS) — WHMCS BridgeCWE-79 6.1 -2022-02-28
CVE-2021-25081 WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF — Maps Plugin using Google Maps for WordPress – WP Google MapCWE-352 6.5 -2022-02-28
CVE-2021-25042 WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS — WP Visitor Statistics (Real Time Traffic)CWE-862 5.4 -2022-02-28
CVE-2021-25034 WP User < 7.0 - Reflected Cross-Site Scripting — WP User – Custom Registration Forms, Login and User ProfileCWE-79 6.1 -2022-02-28
CVE-2021-25011 WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update — Maps Plugin using Google Maps for WordPress – WP Google MapCWE-862 5.7 -2022-02-28

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.