Unknown — Vulnerabilities & Security Advisories 4143

Browse all 4143 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-24985	Easy Forms for Mailchimp < 6.8.6 - Reflected Cross-Site Scripting — Easy Forms for MailchimpCWE-79	6.1	-	2022-01-24
CVE-2021-24976	Smart SEO Tool < 3.0.6 - Reflected Cross-Site Scripting — Smart SEO Tool – SEO优化插件CWE-79	6.1	-	2022-01-24
CVE-2021-24974	Product Feed PRO for WooCommerce < 11.0.7 - Subscriber+ Settings Update to Stored XSS — Product Feed PRO for WooCommerceCWE-79	5.4	-	2022-01-24
CVE-2021-24968	Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation — Ultimate FAQ – WordPress FAQ and Accordion PluginCWE-862	3.5	-	2022-01-24
CVE-2021-24965	Five Star Restaurant Reservations < 2.4.8 - Subscriber+ Stored Cross-Site Scripting — Five Star Restaurant Reservations – WordPress Booking PluginCWE-79	5.4	-	2022-01-24
CVE-2021-24936	WP Extra File Types < 0.5.1 - CSRF to Stored Cross-Site Scripting — WP Extra File TypesCWE-352	8.2	-	2022-01-24
CVE-2021-24923	Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.25 - Reflected XSS — Newsletter, SMTP, Email marketing and Subscribe forms by SendinblueCWE-79	6.1	-	2022-01-24
CVE-2021-24906	Protect WP Admin < 3.6.2 - Unauthenticated Plugin Deactivation — Protect WP AdminCWE-862	7.5	-	2022-01-24
CVE-2021-24865	Advanced Custom Fields: Extended < 0.8.8.7 - Admin+ SQL Injection — Advanced Custom Fields: ExtendedCWE-89	7.2	-	2022-01-24
CVE-2021-24858	WP Cookie User Info < 1.0.9 - Admin+ SQL Injection — Cookie Notification Plugin for WordPress – WP Cookie User InfoCWE-89	7.2	-	2022-01-24
CVE-2021-24733	WP Post Page Clone < 1.2 - Unauthorised Post Access — WP Post Page CloneCWE-863	4.3	-	2022-01-24
CVE-2021-24696	Simple Download Monitor < 3.9.9 - Multiple CSRF — Simple Download MonitorCWE-352	8.8	-	2022-01-24
CVE-2021-24694	Simple Download Monitor < 3.9.11 - Contributor+ Stored Cross-Site Scripting via Shortcodes — Simple Download MonitorCWE-79	5.4	-	2022-01-24
CVE-2021-24423	UpdraftPlus < 1.16.59 - Admin+ Stored Cross-Site Scripting — UpdraftPlus WordPress Backup PluginCWE-79	4.8	-	2022-01-24
CVE-2021-25067	Landing Page Builder < 1.4.9.6 - Authenticated Reflected Cross-Site Scripting (XSS) — Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing PagesCWE-79	5.4	-	2022-01-17
CVE-2021-25065	Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting (XSS) — Smash Balloon Social Post FeedCWE-79	5.4	-	2022-01-17
CVE-2021-25061	WP Booking System – Booking Calendar < 2.0.15 - Authenticated Reflected Cross-Site Scripting (XSS) — WP Booking System – Booking CalendarCWE-79	5.4	-	2022-01-17
CVE-2021-25046	Modern Events Calendar Lite < 6.2.0 - Subscriber+ Category Add Leading to Stored XSS — Modern Events Calendar LiteCWE-79	5.4	-	2022-01-17
CVE-2021-25037	All In One SEO < 4.1.5.3 - Authenticated SQL Injection — All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase TrafficCWE-89	6.5	-	2022-01-17
CVE-2021-25036	All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation — All in One SEO – Best WordPress SEO Plugin – Easily Improve SEO Rankings & Increase TrafficCWE-287	8.8	-	2022-01-17
CVE-2021-25024	Event Calendar < 1.1.51 - Reflected Cross-Site Scripting — EventCalendarCWE-79	6.1	-	2022-01-17
CVE-2021-25005	SEUR Oficial < 1.7.0 - Admin+ Stored Cross-Site Scripting — SEUR OficialCWE-79	4.8	-	2022-01-17
CVE-2021-24909	ACF Photo Gallery Field < 1.7.5 - Reflected Cross-Site Scripting — ACF Photo Gallery FieldCWE-79	6.1	-	2022-01-17
CVE-2021-24838	AnyComment < 0.3.5 - Open Redirect — AnyCommentCWE-601	6.1	-	2022-01-17
CVE-2021-25025	Event Calendar < 1.1.51 - Subscriber+ Event Creation — EventCalendarCWE-352	4.3	-	2022-01-17
CVE-2021-25054	WPcalc <= 2.1 - Authenticated SQL Injection — WPcalc – create any online calculatorsCWE-89	7.2	-	2022-01-10
CVE-2021-25052	Button Generator < 2.3.3 - RFI leading to RCE via CSRF — Button Generator – easily Button BuilderCWE-352	8.8	-	2022-01-10
CVE-2021-25053	WP Coder < 2.5.2 - RFI leading to RCE via CSRF — WP Coder – add custom html, css and js codeCWE-352	8.8	-	2022-01-10
CVE-2021-25051	Modal Window < 5.2.2 - RFI leading to RCE via CSRF — Modal Window – create popup modal windowCWE-352	8.8	-	2022-01-10
CVE-2021-25047	10Web Social Photo Feed < 1.4.29 - Reflected Cross-Site Scripting (XSS) — 10Web Social Photo FeedCWE-79	6.1	-	2022-01-10

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Unknown — Vulnerabilities & Security Advisories 4143