Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

Unknown — Vulnerabilities & Security Advisories 4169

Browse all 4169 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by Unknown: Contest Gallery Download Manager Modern Events Calendar Lite Tutor LMS – eLearning and online course solution EventON wp-eMember AI ChatBot Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Logo Slider Elementor Website Builder Welcart e-Commerce Form Maker by 10Web wp-cart-for-digital-products Booster for WooCommerce wp-affiliate-platform Photo Gallery by 10Web Autoptimize Yi Technology Salon booking system MapPress Maps for WordPress WPQA Builder Popup box VikBooking Hotel Booking Engine & PMS WP MultiTasking EventPrime Frontend File Manager Plugin Simple Download Monitor Photo Gallery by 10Web – Mobile-Friendly Image Gallery Easy Forms for Mailchimp Newsletter Popup
CVE IDTitleCVSSSeverityPublished
CVE-2022-1779 Auto Delete Posts <= 1.3.0 - Arbitrary Settings Update via CSRF — Auto Delete PostsCWE-352 6.5 -2022-06-13
CVE-2022-1777 Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls — Filr – Secure document libraryCWE-862 8.3 -2022-06-13
CVE-2022-1773 WP Athletics <= 1.1.7 - Reflected Cross-Site Scripting — WP AthleticsCWE-79 6.1 -2022-06-13
CVE-2022-1772 Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting — Google Places ReviewsCWE-79 6.9 -2022-06-13
CVE-2022-1765 Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF — Hot Linked Image CacherCWE-352 8.1 -2022-06-13
CVE-2022-1764 WP-chgFontSize <= 1.8 - Arbitrary Settings Update via CSRF to Stored XSS — WP-chgFontSizeCWE-352 4.1 -2022-06-13
CVE-2022-1763 Static Page eXtended <= 2.1 - Arbitrary Settings Update via CSRF to Stored XSS — Static Page eXtendedCWE-352 9.3 -2022-06-13
CVE-2022-1762 iQ Block Country < 1.2.20 - Protection Bypass due to IP Spoofing — iQ Block Country 5.3 -2022-06-13
CVE-2022-1761 Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF — Peter’s Collaboration E-mailsCWE-352 6.5 -2022-06-13
CVE-2022-1759 RB Internal Links <= 2.0.16 - Stored Cross-Site Scripting via CSRF — RB Internal LinksCWE-352 5.4 -2022-06-13
CVE-2022-1758 Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF — Genki Pre-Publish ReminderCWE-352 8.8 -2022-06-13
CVE-2022-1756 Newsletter < 7.4.5 - Reflected Cross-Site Scripting — Newsletter – Send awesome emails from WordPressCWE-79 6.1 -2022-06-13
CVE-2022-1724 Simple Membership < 4.1.1 - Reflected Cross-Site Scripting — Simple MembershipCWE-79 6.1 -2022-06-13
CVE-2022-1710 Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting — Appointment Hour Booking – WordPress Booking PluginCWE-79 4.8 -2022-06-13
CVE-2022-1694 Useful Banner Manager <= 1.6.1 - Modify banners via CSRF — Useful Banner ManagerCWE-352 6.5 -2022-06-13
CVE-2022-1624 Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF — Latest Tweets WidgetCWE-352 4.3 -2022-06-13
CVE-2022-1612 Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF — Webriti SMTP MailCWE-352 4.3 -2022-06-13
CVE-2022-1608 OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF — OnePress Social LockerCWE-352 4.3 -2022-06-13
CVE-2022-1605 Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF — Email UsersCWE-352 6.5 -2022-06-13
CVE-2022-1604 MailerLite < 1.5.4 - Reflected Cross-Site Scripting — MailerLite – Signup forms (official)CWE-79 6.1 -2022-06-13
CVE-2022-1595 HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure — HC Custom WP-Admin URLCWE-200 7.5 -2022-06-13
CVE-2022-1594 HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF — HC Custom WP-Admin URLCWE-352 4.3 -2022-06-13
CVE-2022-1549 WP Athletics <= 1.1.7 - Subscriber+ Stored Cross-Site Scripting — WP AthleticsCWE-79 5.4 -2022-06-13
CVE-2022-1532 Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting — Themify – WooCommerce Product FilterCWE-79 6.1 -2022-06-13
CVE-2022-1412 Log WP_Mail <= 0.1 - Email Logs Publicly Accessible — Log WP_Mail 7.5 -2022-06-13
CVE-2022-1336 Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting — Carousel CKCWE-79 4.8 -2022-06-13
CVE-2022-1335 Slideshow CK < 1.4.10 - Admin+ Stored Cross-Site Scripting — Slideshow CKCWE-79 4.8 -2022-06-13
CVE-2022-1202 WP-CRM <= 1.2.1 - CSV Injection — WP-CRM – Customer Relations Management for WordPressCWE-1236 7.8 -2022-06-13
CVE-2022-0885 Member Hero <= 1.0.9 - Unauthenticated RCE — Member Hero 9.8 -2022-06-13
CVE-2022-0863 WP SVG Icons <= 3.2.3 - Admin+ Remote Code Execution (RCE) — WP SVG IconsCWE-434 7.2 -2022-06-13

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.