Unknown — Vulnerabilities & Security Advisories 4149

Browse all 4149 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-25118	Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure — Yoast SEOCWE-200	5.3	-	2022-02-28
CVE-2021-25112	WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS) — WHMCS BridgeCWE-79	6.1	-	2022-02-28
CVE-2021-25081	WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF — Maps Plugin using Google Maps for WordPress – WP Google MapCWE-352	6.5	-	2022-02-28
CVE-2021-25042	WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS — WP Visitor Statistics (Real Time Traffic)CWE-862	5.4	-	2022-02-28
CVE-2021-25034	WP User < 7.0 - Reflected Cross-Site Scripting — WP User – Custom Registration Forms, Login and User ProfileCWE-79	6.1	-	2022-02-28
CVE-2021-25011	WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update — Maps Plugin using Google Maps for WordPress – WP Google MapCWE-862	5.7	-	2022-02-28
CVE-2021-25010	Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting — Post SnippetsCWE-352	8.2	-	2022-02-28
CVE-2021-24994	WPvivid Backup and Migration Plugin < 0.9.69 - Unauthenticated Stored Cross-Site Scripting — Migration, Backup, Staging – WPvivid Backup and Migration PluginCWE-79	6.1	-	2022-02-28
CVE-2021-24977	Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending — Use Any Font \| Custom Font UploaderCWE-862	6.1	-	2022-02-28
CVE-2021-24971	WP Responsive Menu < 3.1.7.1 - Subscriber+ Settings Update to Stored XSS — WP Responsive MenuCWE-79	5.4	-	2022-02-28
CVE-2021-24933	Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting — Dynamic WidgetsCWE-79	5.4	-	2022-02-28
CVE-2021-24920	StatCounter < 2.0.7 - Admin+ Stored Cross-Site Scripting — StatCounter – Free Real Time Visitor StatsCWE-79	4.8	-	2022-02-28
CVE-2021-24913	Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF — Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo GridCWE-352	4.3	-	2022-02-28
CVE-2021-24903	GRAND FlaGallery <= 6.1.2 - Admin+ Stored Cross-Site Scripting — Album and Image Gallery with Lightbox – Flagallery Photo PortfolioCWE-79	4.8	-	2022-02-28
CVE-2021-24901	Security Audit <= 1.0.0 - Admin+ Stored Cross Site Scripting — Security AuditCWE-79	4.8	-	2022-02-28
CVE-2021-24898	EditableTable <= 0.1.4 - Admin+ Stored Cross-Site Scripting — Editable Table Simple Fast FrontEnd From Sql tablesCWE-79	4.8	-	2022-02-28
CVE-2021-24864	WP Cloudy < 4.4.9 - Admin+ SQL Injection — WP Cloudy, weather pluginCWE-89	8.8	-	2022-02-28
CVE-2021-24823	Support Board < 3.3.6 - Arbitrary File Deletion via CSRF — Support BoardCWE-352	8.1	-	2022-02-28
CVE-2021-24820	Cost Calculator <= 1.6 - Authenticated Local File Inclusion — Cost CalculatorCWE-22	8.1	-	2022-02-28
CVE-2021-24803	Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via CSRF — Core Tweaks WP SetupCWE-352	8.8	-	2022-02-28
CVE-2021-24730	Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update — Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo GridCWE-862	4.3	-	2022-02-28
CVE-2021-24704	Orange Form <= 1.0 - SQL Injection via CSRF — Orange FormCWE-89	6.8	-	2022-02-28
CVE-2021-24689	Contact Forms - Drag & Drop Contact Form Builder <= 1.0.5 - Admin+ Arbitrary System File Read — Contact Forms – Drag & Drop Contact Form BuilderCWE-22	4.9	-	2022-02-28
CVE-2021-24688	Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion — Orange FormCWE-284	4.3	-	2022-02-28
CVE-2020-36510	15Zine < 3.3.0 - Reflected Cross-Site Scripting — 15ZineCWE-79	6.1	-	2022-02-28
CVE-2022-0313	Float Menu < 4.3.1 - Arbitrary Menu Deletion via CSRF — Float menu – awesome floating side menuCWE-352	4.3	-	2022-02-21
CVE-2022-0288	Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting — Ad Inserter – Ad Manager & AdSense AdsCWE-79	6.1	-	2022-02-21
CVE-2022-0279	AnyComment < 0.2.18 - Comment Rating Increase/Decrease via Race Condition — AnyCommentCWE-362	3.1	-	2022-02-21
CVE-2022-0255	Database Backup for WordPress < 2.5.1 - Admin+ SQL Injection — Database Backup for WordPressCWE-89	7.2	-	2022-02-21
CVE-2022-0252	Give < 2.17.3 - Reflected Cross-Site Scripting via Import Tool — GiveWP – Donation Plugin and Fundraising PlatformCWE-79	6.1	-	2022-02-21

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Unknown — Vulnerabilities & Security Advisories 4149