Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

unknown — Vulnerabilities & Security Advisories 4219

Browse all 4219 CVE security advisories affecting unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE IDTitleCVSSSeverityPublished
CVE-2022-1758 Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF — Genki Pre-Publish ReminderCWE-352 8.8 -2022-06-13
CVE-2022-1756 Newsletter < 7.4.5 - Reflected Cross-Site Scripting — Newsletter – Send awesome emails from WordPressCWE-79 6.1 -2022-06-13
CVE-2022-1724 Simple Membership < 4.1.1 - Reflected Cross-Site Scripting — Simple MembershipCWE-79 6.1 -2022-06-13
CVE-2022-1710 Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting — Appointment Hour Booking – WordPress Booking PluginCWE-79 4.8 -2022-06-13
CVE-2022-1694 Useful Banner Manager <= 1.6.1 - Modify banners via CSRF — Useful Banner ManagerCWE-352 6.5 -2022-06-13
CVE-2022-1624 Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF — Latest Tweets WidgetCWE-352 4.3 -2022-06-13
CVE-2022-1612 Webriti SMTP Mail <= 1.0 - Arbitrary Settings Update via CSRF — Webriti SMTP MailCWE-352 4.3 -2022-06-13
CVE-2022-1608 OnePress Social Locker <= 5.6.2 - Arbitrary Settings Update via CSRF — OnePress Social LockerCWE-352 4.3 -2022-06-13
CVE-2022-1605 Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF — Email UsersCWE-352 6.5 -2022-06-13
CVE-2022-1604 MailerLite < 1.5.4 - Reflected Cross-Site Scripting — MailerLite – Signup forms (official)CWE-79 6.1 -2022-06-13
CVE-2022-1595 HC Custom WP-Admin URL <= 1.4 - Unauthenticated Secret URL Disclosure — HC Custom WP-Admin URLCWE-200 7.5 -2022-06-13
CVE-2022-1594 HC Custom WP-Admin URL <= 1.4 - Arbitrary Settings Update via CSRF — HC Custom WP-Admin URLCWE-352 4.3 -2022-06-13
CVE-2022-1549 WP Athletics <= 1.1.7 - Subscriber+ Stored Cross-Site Scripting — WP AthleticsCWE-79 5.4 -2022-06-13
CVE-2022-1532 Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting — Themify – WooCommerce Product FilterCWE-79 6.1 -2022-06-13
CVE-2022-1412 Log WP_Mail <= 0.1 - Email Logs Publicly Accessible — Log WP_Mail 7.5 -2022-06-13
CVE-2022-1336 Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting — Carousel CKCWE-79 4.8 -2022-06-13
CVE-2022-1335 Slideshow CK < 1.4.10 - Admin+ Stored Cross-Site Scripting — Slideshow CKCWE-79 4.8 -2022-06-13
CVE-2022-1202 WP-CRM <= 1.2.1 - CSV Injection — WP-CRM – Customer Relations Management for WordPressCWE-1236 7.8 -2022-06-13
CVE-2022-0885 Member Hero <= 1.0.9 - Unauthenticated RCE — Member Hero 9.8 -2022-06-13
CVE-2022-0863 WP SVG Icons <= 3.2.3 - Admin+ Remote Code Execution (RCE) — WP SVG IconsCWE-434 7.2 -2022-06-13
CVE-2022-0827 Bestbooks <= 2.6.3 - Unauthenticated SQLi — BestbooksCWE-89 9.8 -2022-06-13
CVE-2022-0786 KiviCare < 2.3.9 - Unauthenticated SQLi — KiviCare – Clinic & Patient Management System (EHR)CWE-89 9.8 -2022-06-13
CVE-2022-0745 Like Button Rating < 2.6.45 - Arbitrary e-mail Sending — Like Button Rating ♥ LikeBtnCWE-862 6.5 -2022-06-13
CVE-2022-0626 Advanced Admin Search < 1.1.6 - Reflected Cross-Site Scripting — Advanced Admin SearchCWE-79 6.1 -2022-06-13
CVE-2021-25116 Enqueue Anything <= 1.0.1 - Subscriber+ Arbitrary Asset/Post Deletion — Enqueue Anything 6.5 -2022-06-13
CVE-2022-1712 LiveSync for WordPress <= 1.0 - Arbitrary Settings Update via CSRF — LiveSync for WordPressCWE-352 4.3 -2022-06-06
CVE-2022-1709 Throws SPAM Away < 3.3.1 - Comment Deletion via CSRF — Throws SPAM AwayCWE-352 6.5 -2022-06-06
CVE-2022-1695 WP Simple Adsense Insertion < 2.1 - Inject ads and javascript via CSRF — WP Simple Adsense InsertionCWE-352 7.4 -2022-06-06
CVE-2022-1692 CP Image Store with Slideshow < 1.0.68 - Unauthenticated SQLi — CP Image Store with SlideshowCWE-89 9.8 -2022-06-06
CVE-2022-1691 Realty Workstation < 1.0.15 - Agent SQLi — Realty WorkstationCWE-89 6.5 -2022-06-06

This page lists every published CVE security advisory associated with unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.