Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Unknown — Vulnerabilities & Security Advisories 4143

Browse all 4143 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by Unknown: Contest Gallery Download Manager EventON Tutor LMS – eLearning and online course solution Modern Events Calendar Lite AI ChatBot wp-eMember Logo Slider Welcart e-Commerce Elementor Website Builder Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Photo Gallery by 10Web Booster for WooCommerce Form Maker by 10Web Yi Technology wp-affiliate-platform wp-cart-for-digital-products Autoptimize Simple Download Monitor MapPress Maps for WordPress Salon booking system VikBooking Hotel Booking Engine & PMS WPQA Builder Frontend File Manager Plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery EventPrime Popup box WP MultiTasking wpb-show-core Transposh WordPress Translation
CVE IDTitleCVSSSeverityPublished
CVE-2021-25043 WOOCS < 1.3.7.3 - Reflected Cross-Site Scripting — WOOCS – Currency Switcher for WooCommerce. Professional and Free multi currency plugin – Pay in selected currencyCWE-79 6.1 -2022-01-10
CVE-2021-24948 The Plus Addons for Elementor Pro < 5.0.7 - Sensitive Data Disclosure — The Plus Addons for Elementor - ProCWE-200 7.5 -2022-01-10
CVE-2021-24949 The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection — The Plus Addons for Elementor - ProCWE-89 7.2 -2022-01-10
CVE-2021-24862 RegistrationMagic < 5.0.1.6 - Admin+ SQL Injection — RegistrationMagic – Custom Registration Forms, User Registration and User Login PluginCWE-89 7.2 -2022-01-10
CVE-2021-25032 PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise — PublishPress Capabilities – User Role Access, Editor Permissions, Admin MenusCWE-352 9.8 -2022-01-10
CVE-2021-25040 Booking Calendar < 8.9.2 - Reflected Cross-Site Scripting — Booking CalendarCWE-79 6.1 -2022-01-03
CVE-2021-25030 Events Made Easy < 2.2.36 - Subscriber+ SQL Injection — Events Made EasyCWE-89 8.8 -2022-01-03
CVE-2021-25027 PowerPack Addons for Elementor < 2.6.2 - Reflected Cross-Site Scripting — PowerPack Addons for ElementorCWE-79 6.1 -2022-01-03
CVE-2021-25022 UpdraftPlus < 1.16.66 - Reflected Cross-Site Scripting — UpdraftPlus WordPress Backup PluginCWE-79 6.1 -2022-01-03
CVE-2021-25023 Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection — Speed Booster Pack ⚡ PageSpeed Optimization SuiteCWE-89 7.2 -2022-01-03
CVE-2021-25021 OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal — OMGF | Host Google Fonts LocallyCWE-22 4.9 -2022-01-03
CVE-2021-25020 CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal — CAOS | Host Google Analytics LocallyCWE-22 4.9 -2022-01-03
CVE-2021-25001 Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module — Booster for WooCommerceCWE-79 6.1 -2022-01-03
CVE-2021-25016 Chaty < 2.8.3 - Reflected Cross-Site Scripting — Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button – ChatyCWE-79 6.1 -2022-01-03
CVE-2021-25000 Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module — Booster for WooCommerceCWE-79 6.1 -2022-01-03
CVE-2021-24991 WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting — WooCommerce PDF Invoices & Packing SlipsCWE-79 6.1 -2022-01-03
CVE-2021-24999 Booster for Woocommerce < 5.4.9 - Reflected Cross-Site Scripting in PDF Invoicing Module — Booster for WooCommerceCWE-79 6.1 -2022-01-03
CVE-2021-24973 Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting — Site ReviewsCWE-79 6.1 -2022-01-03
CVE-2021-24964 LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS — LiteSpeed CacheCWE-79 6.1 -2022-01-03
CVE-2021-24963 LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting — LiteSpeed CacheCWE-79 6.1 -2022-01-03
CVE-2021-24893 Stars Rating < 3.5.1 - Comments Denial of Service — Stars RatingCWE-400 8.2 -2022-01-03
CVE-2021-24831 Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls — Tab – Accordion, FAQCWE-862 7.5 -2022-01-03
CVE-2021-24828 Mortgage Calculator / Loan Calculator < 1.5.17 - Contributor+ Stored Cross-Site Scripting — Mortgage Calculator / Loan CalculatorCWE-79 5.4 -2022-01-03
CVE-2021-24786 Download Monitor < 4.4.5 - Admin+ SQL Injection — Download MonitorCWE-89 7.2 -2022-01-03
CVE-2021-24680 WP Travel Engine < 5.3.1 - Editor+ Stored Cross-Site Scripting — WP Travel Engine – Travel and Tour Booking PluginCWE-79 5.4 -2022-01-03
CVE-2021-24997 WP Guppy < 1.3 - Sensitive Information Disclosure — WP GuppyCWE-862 6.5 -2021-12-27
CVE-2021-24998 Simple JWT Login < 3.3.0 - Insecure Password Creation — Simple JWT Login 9.8 -2021-12-27
CVE-2021-24992 Buttonizer - Smart Floating Action Button < 2.5.5 - Admin+ Stored Cross-Site Scripting — Smart Floating / Sticky Buttons – Call, Sharing, Chat Widgets & More – ButtonizerCWE-79 4.8 -2021-12-27
CVE-2021-24984 WPFront User Role Editor < 3.2.1.11184 - Reflected Cross-Site Scripting — WPFront User Role EditorCWE-79 6.1 -2021-12-27
CVE-2021-24988 WP RSS Aggregator < 4.19.3 - Subscriber+ Stored Cross-Site Scripting — WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and MoreCWE-79 5.4 -2021-12-27

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.