Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

Unknown — Vulnerabilities & Security Advisories 4175

Browse all 4175 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by Unknown: Contest Gallery Download Manager Modern Events Calendar Lite Tutor LMS – eLearning and online course solution EventON AI ChatBot wp-eMember Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Elementor Website Builder Welcart e-Commerce Logo Slider Photo Gallery by 10Web Autoptimize Form Maker by 10Web Yi Technology wp-cart-for-digital-products Booster for WooCommerce wp-affiliate-platform Salon booking system LearnPress WP MultiTasking Photo Gallery by 10Web – Mobile-Friendly Image Gallery MapPress Maps for WordPress EventPrime Simple Download Monitor WPQA Builder Popup box VikBooking Hotel Booking Engine & PMS Frontend File Manager Plugin Blog2Social: Social Media Auto Post & Scheduler
CVE IDTitleCVSSSeverityPublished
CVE-2022-2241 Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF — Featured Image from URL (FIFU) 6.1 -2022-08-01
CVE-2022-2215 GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting — GiveWP – Donation Plugin and Fundraising PlatformCWE-79 4.8 -2022-08-01
CVE-2022-2184 CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF — CAPTCHA 4WPCWE-22 8.8 -2022-08-01
CVE-2022-2181 Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting — Advanced WordPress ResetCWE-79 6.1 -2022-08-01
CVE-2022-2171 Progressive License <= 1.1.0 - CSRF to Stored XSS — Progressive LicenseCWE-352 4.6 -2022-08-01
CVE-2022-2170 Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting — Microsoft Advertising Universal Event Tracking (UET)CWE-79 4.8 -2022-08-01
CVE-2022-1950 Youzify < 1.2.0 - Unauthenticated SQLi — Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPressCWE-89 9.8 -2022-08-01
CVE-2022-1906 Copyright Proof <= 4.16 - Reflected Cross-Site-Scripting — Copyright ProofCWE-79 6.1 -2022-08-01
CVE-2022-1600 YOP Poll < 6.4.3 - IP Spoofing — YOP PollCWE-639 5.3 -2022-08-01
CVE-2022-1585 Project Source Code Download <= 1.0.0 - Unauthenticated Backup Download — WordPress project source code downloadCWE-552 7.5 -2022-08-01
CVE-2022-1324 Event Timeline <= 1.1.5 - Admin+ Stored Cross-Site Scripting — Event Timeline – Vertical TimelineCWE-79 4.8 -2022-08-01
CVE-2022-0598 Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS — Login with phone numberCWE-79 4.8 -2022-08-01
CVE-2022-2341 Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting — Simple Page TransitionCWE-79 4.8 -2022-07-25
CVE-2022-2340 W-DALIL <= 2.0 - Admin+ Stored Cross-Site Scripting — W-DALILCWE-79 4.8 -2022-07-25
CVE-2022-2299 Allow SVG Files <= 1.1 - Author+ Stored Cross Site Scripting via SVG — Allow svg filesCWE-79 5.4 -2022-07-25
CVE-2022-2240 Request a Quote <= 2.3.7 - CSV Injection — Request a QuoteCWE-1236 8.8 -2022-07-25
CVE-2022-2239 Request a Quote < 2.3.9 - Admin+ Stored Cross-Site Scripting — Request a Quote 4.8 -2022-07-25
CVE-2022-2219 Unyson < 2.7.27 - Reflected Cross-Site Scripting — UnysonCWE-79 6.1 -2022-07-25
CVE-2022-2189 WP Video Lightbox < 1.9.5 - Reflected Cross-Site Scripting — WP Video LightboxCWE-79 6.1 -2022-07-25
CVE-2022-2115 Popup Anything < 2.1.7 - Reflected Cross-Site Scripting — Popup Anything – A Marketing Popup and Lead Generation ConversionsCWE-79 6.1 -2022-07-25
CVE-2022-2072 Name Directory < 1.25.3 - Reflected Cross-Site Scripting — Name DirectoryCWE-79 6.1 -2022-07-25
CVE-2022-2071 Name Directory < 1.25.4 - Stored Cross-Site Scripting via CSRF — Name DirectoryCWE-352 6.1 -2022-07-25
CVE-2022-1551 SP Project & Document Manager < 4.58 - Sensitive File Disclosure — SP Project & Document Manager 6.5 -2022-07-25
CVE-2022-1539 Exports and Reports < 0.9.2 - Contributor+ CSV Injection — Exports and ReportsCWE-1236 8.8 -2022-07-25
CVE-2022-0899 Header Footer Code Manager < 1.1.24 - Reflected Cross-Site Scripting — Header Footer Code ManagerCWE-79 6.1 -2022-07-25
CVE-2022-0594 Shareaholic < 9.7.6 - Information Disclosure — Professional Social Sharing Buttons, Icons & Related Posts – ShareaholicCWE-863 5.3 -2022-07-25
CVE-2022-2222 Download Monitor < 4.5.91 - Admin+ Arbitrary File Download — Download MonitorCWE-552 4.9 -2022-07-17
CVE-2022-2194 Accept Stripe Payments < 2.0.64 - Admin+ Stored Cross-Site Scripting — Accept Stripe PaymentsCWE-79 4.8 -2022-07-17
CVE-2022-2187 Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting — Contact Form 7 CaptchaCWE-79 6.1 -2022-07-17
CVE-2022-2186 Simple Post Notes < 1.7.6 - Admin+ Stored Cross-Site Scripting — Simple Post NotesCWE-79 4.8 -2022-07-17

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.