Unknown — Vulnerabilities & Security Advisories 4143

Browse all 4143 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-24169	Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS) — Advanced Order Export For WooCommerceCWE-79	6.1	-	2021-04-05
CVE-2021-24170	User Profile Picture < 2.5.0 - Sensitive Information Disclosure — User Profile PictureCWE-200	7.5	-	2021-04-05
CVE-2021-24171	WooCommerce Upload Files < 59.4 - Unauthenticated Arbitrary File Upload — WooCommerce Upload FilesCWE-434	9.8	-	2021-04-05
CVE-2021-24172	VM Backups <= 1.0 - CSRF to Database Backup Download — VM BackupsCWE-352	6.5	-	2021-04-05
CVE-2021-24173	VM Backups <= 1.0 - CSRF to Stored Cross-Site Scripting (XSS) — VM BackupsCWE-352	6.1	-	2021-04-05
CVE-2021-24174	Database Backups <= 1.2.2.6 - CSRF to Backup Download — Database BackupsCWE-352	8.3	-	2021-04-05
CVE-2021-24175	The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass — The Plus Addons for Elementor Page BuilderCWE-287	9.8	-	2021-04-05
CVE-2021-24176	JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) — JH 404 LoggerCWE-79	5.4	-	2021-04-05
CVE-2021-24159	Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Contact Form 7 StyleCWE-352	7.1	-	2021-04-05
CVE-2021-24163	Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-200	8.8	-	2021-04-05
CVE-2021-24164	Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-200	4.3	-	2021-04-05
CVE-2021-24165	Ninja Forms < 3.4.34 - Administrator Open Redirect — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-601	6.1	-	2021-04-05
CVE-2021-24166	Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-352	5.4	-	2021-04-05
CVE-2021-24167	Web-Stat < 1.4.1 - API Key Disclosure — Web-StatCWE-200	10.0	-	2021-04-05
CVE-2021-24150	Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF — Like Button Rating ♥ LikeBtnCWE-918	7.5	-	2021-04-05
CVE-2021-24152	Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS) — Popup Builder – Responsive WordPress Pop up – Subscription & NewsletterCWE-79	6.1	-	2021-04-05
CVE-2021-24153	Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS) — Yoast SEOCWE-79	5.4	-	2021-04-05
CVE-2021-24154	Theme Editor < 2.6 - Authenticated Arbitrary File Download — Theme EditorCWE-552	4.9	-	2021-04-05
CVE-2021-24155	Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload — WordPress Backup and Migrate Plugin – Backup GuardCWE-434	7.2	-	2021-04-05
CVE-2021-24156	Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting — Testimonial RotatorCWE-79	5.4	-	2021-04-05
CVE-2021-24157	Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting — Orbit Fox by ThemeIsleCWE-79	5.4	-	2021-04-05
CVE-2021-24158	Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation — Orbit Fox by ThemeIsleCWE-269	6.5	-	2021-04-05
CVE-2021-24142	301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection — 301 Redirects - Easy Redirect ManagerCWE-89	7.2	-	2021-03-18
CVE-2021-24143	AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection — AccessPress Social IconsCWE-89	8.8	-	2021-03-18
CVE-2021-24144	Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection — Contact Form 7 Database AddonCWE-74	8.8	-	2021-03-18
CVE-2021-24145	Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE — Modern Events Calendar LiteCWE-434	7.2	-	2021-03-18
CVE-2021-24146	Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export — Modern Events Calendar LiteCWE-284	-	-	2021-03-18
CVE-2021-24147	Modern Events Calendar Lite < 5.16.5 - Authenticated Stored Cross-Site Scripting (XSS) — Modern Events Calendar LiteCWE-79	5.4	-	2021-03-18
CVE-2021-24148	MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple — MStore APICWE-287	7.5	-	2021-03-18
CVE-2021-24149	Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection — Modern Events Calendar LiteCWE-89	8.8	-	2021-03-18

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

Unknown — Vulnerabilities & Security Advisories 4143