Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Unknown — Vulnerabilities & Security Advisories 4169

Browse all 4169 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by Unknown: Contest Gallery Download Manager Modern Events Calendar Lite Tutor LMS – eLearning and online course solution EventON wp-eMember AI ChatBot Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Logo Slider Elementor Website Builder Welcart e-Commerce Form Maker by 10Web wp-cart-for-digital-products Booster for WooCommerce wp-affiliate-platform Photo Gallery by 10Web Autoptimize Yi Technology Salon booking system MapPress Maps for WordPress WPQA Builder Popup box VikBooking Hotel Booking Engine & PMS WP MultiTasking EventPrime Frontend File Manager Plugin Simple Download Monitor Photo Gallery by 10Web – Mobile-Friendly Image Gallery Easy Forms for Mailchimp Newsletter Popup
CVE IDTitleCVSSSeverityPublished
CVE-2022-2409 Rough Chart <= 1.0.0 - Admin+ Stored Cross-Site Scripting — Rough ChartCWE-79 4.8 -2022-08-08
CVE-2022-2398 WP Comments Fields < 4.1 - Admin+ Stored Cross-Site Scripting — WordPress Comments FieldsCWE-79 4.8 -2022-08-08
CVE-2022-2395 weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting — weForms – Easy Drag & Drop Contact Form Builder For WordPressCWE-79 4.8 -2022-08-08
CVE-2022-2391 Inspiro Pro < 7.2.3 - Contributor+ Stored Cross-Site Scripting — Inspiro PROCWE-79 5.4 -2022-08-08
CVE-2022-2386 Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting — Crowdsignal Dashboard – Polls, Surveys & moreCWE-79 6.1 -2022-08-08
CVE-2022-2372 YaySMTP < 2.2.2 - Admin+ Stored Cross-Site Scripting — YaySMTP – Simple WP SMTP MailCWE-79 4.8 -2022-08-08
CVE-2022-2371 YaySMTP < 2.2.1 - Subscriber+ Stored Cross-Site Scripting — YaySMTP – Simple WP SMTP MailCWE-79 5.4 -2022-08-08
CVE-2022-2367 WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass — WSM DownloaderCWE-639 7.5 -2022-08-08
CVE-2022-2357 WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download — WSM DownloaderCWE-552 7.5 -2022-08-08
CVE-2022-2356 User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload — Frontend File Manager & Sharing – User Private FilesCWE-434 8.8 -2022-08-08
CVE-2022-2355 Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF — Easy Username UpdaterCWE-352 6.5 -2022-08-08
CVE-2022-2269 Website File Changes Monitor < 1.8.3 - Admin+ SQLi — Website File Changes MonitorCWE-89 7.2 -2022-08-08
CVE-2022-2046 Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload — Directorist – WordPress Business Directory Plugin with Classified Ads ListingsCWE-434 6.5 -2022-08-08
CVE-2022-1323 Discy < 5.0 - Subscriber+ Broken Access Control to change settings — Discy 6.5 -2022-08-08
CVE-2022-2370 YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak — YaySMTP 6.5 -2022-08-01
CVE-2022-2369 YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure — YaySMTP – Simple WP SMTP MailCWE-862 4.3 -2022-08-01
CVE-2022-2328 Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting — Flexi Quote RotatorCWE-79 4.8 -2022-08-01
CVE-2022-2325 Invitation Based Registrations <= 2.2.84 - Admin+ Stored Cross-Site Scripting — Invitation Based RegistrationsCWE-79 4.8 -2022-08-01
CVE-2022-2317 Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation — Simple MembershipCWE-269 8.8 -2022-08-01
CVE-2022-2305 WordPress Popup <= 1.9.3.8 - Admin+ Stored Cross-Site Scripting — Popups – WordPress PopupCWE-79 4.8 -2022-08-01
CVE-2022-2278 Featured Image from URL < 4.0.1 - Admin+ Stored Cross-Site Scripting — Featured Image from URL (FIFU)CWE-79 4.8 -2022-08-01
CVE-2022-2273 Simple Membership < 4.1.3 - Membership Privilege Escalation — Simple MembershipCWE-269 8.8 -2022-08-01
CVE-2022-2260 GiveWP < 2.21.3 - DoS via CSRF — GiveWP – Donation Plugin and Fundraising PlatformCWE-352 6.5 -2022-08-01
CVE-2022-2245 Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF — Counter Box – WordPress plugin for countdown, timer, counterCWE-352 8.8 -2022-08-01
CVE-2022-2241 Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF — Featured Image from URL (FIFU) 6.1 -2022-08-01
CVE-2022-2215 GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 4.8 -2022-08-01
CVE-2022-2184 CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF — CAPTCHA 4WPCWE-22 8.8 -2022-08-01
CVE-2022-2181 Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting — Advanced WordPress ResetCWE-79 6.1 -2022-08-01
CVE-2022-2171 Progressive License <= 1.1.0 - CSRF to Stored XSS — Progressive LicenseCWE-352 4.6 -2022-08-01
CVE-2022-2170 Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting — Microsoft Advertising Universal Event Tracking (UET)CWE-79 4.8 -2022-08-01

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.