Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Unknown — Vulnerabilities & Security Advisories 4169

Browse all 4169 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by Unknown: Contest Gallery Download Manager Modern Events Calendar Lite Tutor LMS – eLearning and online course solution EventON wp-eMember AI ChatBot Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Logo Slider Elementor Website Builder Welcart e-Commerce Form Maker by 10Web wp-cart-for-digital-products Booster for WooCommerce wp-affiliate-platform Photo Gallery by 10Web Autoptimize Yi Technology Salon booking system MapPress Maps for WordPress WPQA Builder Popup box VikBooking Hotel Booking Engine & PMS WP MultiTasking EventPrime Frontend File Manager Plugin Simple Download Monitor Photo Gallery by 10Web – Mobile-Friendly Image Gallery Easy Forms for Mailchimp Newsletter Popup
CVE IDTitleCVSSSeverityPublished
CVE-2022-2449 reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF — reSmush.it : the only free Image Optimizer & compress pluginCWE-352 6.5 -2022-11-14
CVE-2022-2450 reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls — reSmush.it : the only free Image Optimizer & compress pluginCWE-862 4.3 -2022-11-14
CVE-2022-3415 Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting — Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me backCWE-79 6.1 -2022-11-14
CVE-2022-3469 WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting — WP AttachmentsCWE-79 4.8 -2022-11-14
CVE-2022-3484 WPB Show Core - Reflected Cross-Site Scripting — wpb-show-coreCWE-79 6.1 -2022-11-14
CVE-2022-3538 Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation — Webmaster Tools VerificationCWE-862 7.5 -2022-11-14
CVE-2022-3539 Testimonials (Free < 2.7, Pro < 1.0.8) - Admin+ Stored Cross-Site Scripting — TestimonialsCWE-79 4.8 -2022-11-14
CVE-2022-3574 WPForms Pro < 1.7.7 - CSV Injection — WPForms ProCWE-1236 9.8 -2022-11-14
CVE-2022-3578 ProfileGrid < 5.1.1 - Reflected Cross-Site Scripting — ProfileGrid – User Profiles, Memberships, Groups and CommunitiesCWE-79 6.1 -2022-11-14
CVE-2022-3631 OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting — OAuth Client by DigitialPixiesCWE-79 4.8 -2022-11-14
CVE-2022-3632 OAuth Client by DigitialPixies <= 1.1.0 - CSRF — OAuth Client by DigitialPixiesCWE-352 6.5 -2022-11-14
CVE-2022-2387 Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF — Easy Digital Downloads – Simple eCommerce for Selling Digital FilesCWE-352 4.3 -2022-11-07
CVE-2022-2711 WP All Import < 3.6.9 - Admin+ Directory traversal via file upload — Import any XML or CSV File to WordPressCWE-22 7.2 -2022-11-07
CVE-2022-3418 WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE — Import any XML or CSV File to WordPressCWE-94 7.2 -2022-11-07
CVE-2022-3451 Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls — Product Stock ManagerCWE-862 4.3 -2022-11-07
CVE-2022-3462 Highlight Focus <= 1.1 - Admin+ Stored Cross Site Scripting — Highlight FocusCWE-79 4.8 -2022-11-07
CVE-2022-3463 FluentForm < 4.3.13 - CSV Injection — Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent FormsCWE-1236 8.8 -2022-11-07
CVE-2022-3481 WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi — WooCommerce Dropshipping 9.8 -2022-11-07
CVE-2022-3489 WP Hide <= 0.0.2 - Unauthenticated Settings Update — Wp-HideCWE-862 5.3 -2022-11-07
CVE-2022-3494 Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi — Complianz – GDPR/CCPA Cookie ConsentCWE-89 8.8 -2022-11-07
CVE-2022-3536 Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization — Role Based Pricing for WooCommerceCWE-502 8.8 -2022-11-07
CVE-2022-3537 Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload — Role Based Pricing for WooCommerceCWE-434 8.8 -2022-11-07
CVE-2022-3558 Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection — Import and export users and customersCWE-1236 8.0 -2022-11-07
CVE-2022-2167 Newspaper < 12 - Reflected Cross-Site Scripting — NewspaperCWE-79 6.1 -2022-10-31
CVE-2022-2190 Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting — Gallery Plugin for WordPress – Envira Photo GalleryCWE-79 6.1 -2022-10-31
CVE-2022-2627 Newspaper < 12 - Reflected Cross-Site Scripting — NewspaperCWE-79 6.1 -2022-10-31
CVE-2022-3096 WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS — WP Total HacksCWE-862 5.4 -2022-10-31
CVE-2022-3237 WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting — WP Contact SliderCWE-79 4.8 -2022-10-31
CVE-2022-3254 AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi — WordPress Classifieds Plugin – Ad Directory & Listings by AWP ClassifiedsCWE-89 9.8 -2022-10-31
CVE-2022-3334 Easy WP SMTP < 1.5.0 - Admin+ PHP Objection Injection — Easy WP SMTPCWE-502 7.2 -2022-10-31

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.