Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Unknown — Vulnerabilities & Security Advisories 4215

Browse all 4215 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE IDTitleCVSSSeverityPublished
CVE-2022-1994 Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting — Login With OTP Over SMS, Email, WhatsApp and Google AuthenticatorCWE-79 4.8 -2022-06-27
CVE-2022-1990 Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting — Nested PagesCWE-79 4.8 -2022-06-27
CVE-2022-1977 WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF — Import Export All WordPress Images, Users & Post TypesCWE-918 6.5 -2022-06-27
CVE-2022-1971 NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS — NextCellent Gallery – NextGEN LegacyCWE-79 4.8 -2022-06-27
CVE-2022-1964 Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG — Easy SVG SupportCWE-79 5.4 -2022-06-27
CVE-2022-1960 MyCSS <= 1.1 - Arbitrary Settings Update via CSRF — MyCSSCWE-352 4.3 -2022-06-27
CVE-2022-1953 Product Configurator for WooCommerce < 1.2.32 - Unauthenticated Arbitrary File Deletion — Product Configurator for WooCommerceCWE-22 9.1 -2022-06-27
CVE-2022-1916 Active Products Tables for WooCommerce < 1.0.5 - Reflected Cross-Site-Scripting — Active Products Tables for WooCommerce. Professional products tables for WooCommerce storeCWE-79 6.1 -2022-06-27
CVE-2022-1914 Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF — Clean-ContactCWE-352 5.4 -2022-06-27
CVE-2022-1913 Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF — Add Post URLCWE-352 5.4 -2022-06-27
CVE-2022-1904 Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting — Pricing Tables WordPress Plugin – Easy Pricing TablesCWE-79 6.1 -2022-06-27
CVE-2022-1903 ARMember < 3.4.8 - Unauthenticated Admin Account Takeover — ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signupCWE-862 8.1 -2022-06-27
CVE-2022-1885 Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF — Cimy Header Image RotatorCWE-352 4.3 -2022-06-27
CVE-2022-1847 Rotating Posts <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF — Rotating PostsCWE-352 4.3 -2022-06-27
CVE-2022-1846 Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF — Tiny Contact FormCWE-352 4.3 -2022-06-27
CVE-2022-1845 WP Post Styling < 1.3.1 - Multiple CSRF — WP Post StylingCWE-352 6.5 -2022-06-27
CVE-2022-1844 WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF — WP SentryCWE-352 5.4 -2022-06-27
CVE-2022-1843 MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF — MailPressCWE-352 6.5 -2022-06-27
CVE-2022-1842 OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF — OpenBook Book DataCWE-352 4.6 -2022-06-27
CVE-2022-1776 Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting — Popups, Welcome Bar, Optins and Lead Generation Plugin – IcegramCWE-79 5.4 -2022-06-27
CVE-2022-1653 Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF — Social Share Buttons by SupsysticCWE-352 4.3 -2022-06-27
CVE-2022-1627 My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF — My Private SiteCWE-352 4.3 -2022-06-27
CVE-2022-1625 New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF — New User ApproveCWE-352 6.5 -2022-06-27
CVE-2022-1593 Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF — Site Offline or Coming SoonCWE-79 6.1 -2022-06-27
CVE-2022-1574 HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload — HTML2WP 9.8 -2022-06-27
CVE-2022-1573 HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF — HTML2WPCWE-352 4.3 -2022-06-27
CVE-2022-1572 HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion — HTML2WP 8.1 -2022-06-27
CVE-2022-1470 Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting — Ultimate WooCommerce CSV ImporterCWE-79 6.1 -2022-06-27
CVE-2022-1327 Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting — Image Gallery – Grid GalleryCWE-79 4.8 -2022-06-27
CVE-2022-1326 Form - Contact Form <= 1.2.0 - Admin+ Stored Cross-Site Scripting — Form – Contact FormCWE-79 4.8 -2022-06-27

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.