Unknown — Vulnerabilities & Security Advisories 4143

Browse all 4143 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-24514	Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting — Visual Form BuilderCWE-79	4.8	-	2021-10-25
CVE-2021-24489	Request a Quote < 2.3.9 - Admin+ Stored Cross-Site Scripting — Request a Quote	5.4	-	2021-10-25
CVE-2021-24487	St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting — St-Daily-TipCWE-352	5.4	-	2021-10-25
CVE-2021-24485	Special Text Boxes < 5.9.110 - Admin+ Stored Cross-Site Scripting — Special Text BoxesCWE-79	4.8	-	2021-10-25
CVE-2021-24414	YT Player < 1.4 - Contributor+ Stored Cross-Site Scripting — Video Player for YouTubeCWE-79	5.4	-	2021-10-25
CVE-2021-24381	NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-79	4.8	-	2021-10-25
CVE-2021-24760	Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting — Gutenberg PDF Viewer BlockCWE-79	5.4	-	2021-10-18
CVE-2021-24754	MainWP Child Reports < 2.0.8 - Admin+ SQL Injection — MainWP Child ReportsCWE-89	7.2	-	2021-10-18
CVE-2021-24743	Podcast Subscribe Buttons < 1.4.2 - Contributor+ Stored XSS — Podcast Subscribe ButtonsCWE-79	5.4	-	2021-10-18
CVE-2021-24740	Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting — Tutor LMS – eLearning and online course solutionCWE-79	4.8	-	2021-10-18
CVE-2021-24736	Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting — Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared FilesCWE-79	5.4	-	2021-10-18
CVE-2021-24735	Compact WP Audio Player < 1.9.7 - Setting Change via CSRF — Compact WP Audio PlayerCWE-352	6.5	-	2021-10-18
CVE-2021-24734	Compact WP Audio Player < 1.9.7 - Contributor+ Stored Cross-Site Scripting — Compact WP Audio PlayerCWE-79	5.4	-	2021-10-18
CVE-2021-24732	Dflip Lite < 1.7.10 - Contributor+ Stored Cross-Site Scripting — PDF Flipbook, 3D Flipbook WordPress – DearFlipCWE-79	5.4	-	2021-10-18
CVE-2021-24702	LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting — LearnPress – WordPress LMS PluginCWE-79	4.8	-	2021-10-18
CVE-2021-24684	PDF Light Viewer < 1.4.12 - Authenticated Command Injection — WordPress PDF Light Viewer PluginCWE-78	8.8	-	2021-10-18
CVE-2021-24677	Find My Blocks < 3.4.0 - Private Post Titles Disclosure — Find My BlocksCWE-862	5.3	-	2021-10-18
CVE-2021-24675	One User Avatar < 2.3.7 - Avatar Update via CSRF — One User Avatar \| User Profile PictureCWE-352	6.5	-	2021-10-18
CVE-2021-24672	One User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting — One User Avatar \| User Profile PictureCWE-79	5.4	-	2021-10-18
CVE-2021-24642	Scroll Baner <= 1.0 - CSRF to RCE — Scroll BanerCWE-352	6.5	-	2021-10-18
CVE-2021-24622	WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting — Customer Service Software & Support Ticket SystemCWE-79	4.8	-	2021-10-18
CVE-2021-24617	GamePress <= 1.1.0 - Reflected Cross-Site Scripting — GamePress – The Game Database PluginCWE-79	6.1	-	2021-10-18
CVE-2021-24615	Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting — 微信打赏（Wechat Reward)CWE-352	5.4	-	2021-10-18
CVE-2021-24612	Sociable <= 4.3.4.1 - Admin+ Stored Cross-Site Scripting — SociableCWE-79	4.8	-	2021-10-18
CVE-2021-24595	WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting — Wp Cookie ChoiceCWE-352	6.5	-	2021-10-18
CVE-2021-24516	PlanSo Forms <= 2.6.3 - Authenticated Stored Cross-Site Scripting — PlanSo FormsCWE-79	4.8	-	2021-10-18
CVE-2021-24416	StreamCast < 2.1.1 - Contributor+ Stored Cross-Site Scripting — StreamCast – Radio Player for WordPressCWE-79	5.4	-	2021-10-18
CVE-2021-24415	Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting — Polo Video Gallery – Best wordpress video gallery pluginCWE-79	5.4	-	2021-10-18
CVE-2021-24413	Easy Twitter Feed < 1.2 - Contributor+ Stored Cross-Site Scripting — Easy Twitter FeedCWE-79	5.4	-	2021-10-18
CVE-2021-24412	Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting — Html5 Audio Player – Audio Player for WordPressCWE-79	5.4	-	2021-10-18

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Unknown — Vulnerabilities & Security Advisories 4143