Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Unknown — Vulnerabilities & Security Advisories 4143

Browse all 4143 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by Unknown: Contest Gallery Download Manager EventON Tutor LMS – eLearning and online course solution Modern Events Calendar Lite AI ChatBot wp-eMember Logo Slider Welcart e-Commerce Elementor Website Builder Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Photo Gallery by 10Web Booster for WooCommerce Form Maker by 10Web Yi Technology wp-affiliate-platform wp-cart-for-digital-products Autoptimize Simple Download Monitor MapPress Maps for WordPress Salon booking system VikBooking Hotel Booking Engine & PMS WPQA Builder Frontend File Manager Plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery EventPrime Popup box WP MultiTasking wpb-show-core Transposh WordPress Translation
CVE IDTitleCVSSSeverityPublished
CVE-2021-24904 Mortgage Calculators WP < 1.56 - Admin+ Stored Cross-Site Scripting — Mortgage Calculators WPCWE-79 4.8 -2022-02-14
CVE-2021-24874 Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.31 - Reflected Cross-Site Scripting — Newsletter, SMTP, Email marketing and Subscribe forms by SendinblueCWE-79 6.1 -2022-02-14
CVE-2021-24446 Remove Footer Credit < 1.0.6 - CSRF to Stored Cross-Site Scripting — Remove Footer CreditCWE-352 5.4 -2022-02-14
CVE-2022-0149 WooCommerce – Store Exporter < 2.7.1 - Reflected Cross-Site Scripting (XSS) — WooCommerce – Store ExporterCWE-79 6.1 -2022-02-07
CVE-2022-0148 All-in-one Floating Contact Form < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS) — All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs – My Sticky ElementsCWE-79 5.4 -2022-02-07
CVE-2021-25108 IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF — IP2Location Country BlockerCWE-352 7.1 -2022-02-07
CVE-2021-25114 Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection — Paid Memberships ProCWE-89 9.8 -2022-02-07
CVE-2021-25106 WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS — Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPagesCWE-79 5.4 -2022-02-07
CVE-2021-25105 Ivory Search < 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting — Ivory Search – WordPress Search PluginCWE-79 4.8 -2022-02-07
CVE-2021-25103 GTranslate < 2.9.7 - Reflected Cross-Site Scripting — Translate WordPress with GTranslateCWE-79 6.1 -2022-02-07
CVE-2021-25096 IP2Location Country Blocker < 2.26.5 - Ban Bypass — IP2Location Country BlockerCWE-639 6.5 -2022-02-07
CVE-2021-25084 Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion — Advanced Cron ManagerCWE-862 4.3 -2022-02-07
CVE-2021-25077 Store Toolkit for WooCommerce < 2.3.2 - Reflected Cross-Site Scripting — Store Toolkit for WooCommerceCWE-79 6.1 -2022-02-07
CVE-2021-25029 Cluevo < 1.8.1 - Admin+ Stored Cross Site Scripting — CLUEVO LMS, E-Learning PlatformCWE-79 4.8 -2022-02-07
CVE-2021-25004 SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download — SEUR OficialCWE-552 4.9 -2022-02-07
CVE-2021-24947 RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read — RVM – Responsive Vector MapsCWE-863 6.5 -2022-02-07
CVE-2021-24993 Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update — Ultimate Product Catalog – WordPress Catalog PluginCWE-862 4.3 -2022-02-07
CVE-2021-24928 Rearrange Woocommerce Products < 3.0.8 - Subscriber+ SQL Injection — Rearrange Woocommerce ProductsCWE-89 7.1 -2022-02-07
CVE-2021-24880 SupportCandy < 2.2.7 - Contributor+ Stored Cross-Site Scripting — SupportCandy – Helpdesk & Support Ticket SystemCWE-79 5.4 -2022-02-07
CVE-2021-24879 SupportCandy < 2.2.7 - CSRF to Cross-Site Scripting — SupportCandy – Helpdesk & Support Ticket SystemCWE-352 7.3 -2022-02-07
CVE-2021-24843 SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF — SupportCandy – Helpdesk & Support Ticket SystemCWE-352 6.5 -2022-02-07
CVE-2021-24878 SupportCandy < 2.2.7 - Reflected Cross-Site Scripting — SupportCandy – Helpdesk & Support Ticket SystemCWE-79 6.1 -2022-02-07
CVE-2021-24839 SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion — SupportCandy – Helpdesk & Support Ticket SystemCWE-862 7.5 -2022-02-07
CVE-2021-25095 IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban — IP2Location Country BlockerCWE-352 5.4 -2022-02-07
CVE-2022-0320 Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI — Essential Addons for ElementorCWE-22 9.8 -2022-02-01
CVE-2022-0220 WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting — WordPress GDPR 4.7 -2022-02-01
CVE-2021-25092 Link Library < 7.2.8 - Library Settings Reset via CSRF — Link LibraryCWE-352 6.5 -2022-02-01
CVE-2021-25093 Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion — Link LibraryCWE-862 7.5 -2022-02-01
CVE-2021-25091 Link Library < 7.2.9 - Reflected Cross-Site Scripting — Link LibraryCWE-79 6.1 -2022-02-01
CVE-2021-25089 UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting — UpdraftPlus WordPress Backup PluginCWE-79 6.1 -2022-02-01

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.