Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

unknown — Vulnerabilities & Security Advisories 4256

Browse all 4256 CVE security advisories affecting unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE IDTitleCVSSSeverityPublished
CVE-2021-24821 Cost Calculator < 1.6 - Contributor+ Stored Cross-Site Scripting — Cost CalculatorCWE-79 5.4 -2022-03-07
CVE-2021-24810 WP Event Manager < 3.1.23 - Admin+ Stored Cross-Site Scripting — WP Event Manager – Easily Build your Calendar of Events!CWE-79 4.8 -2022-03-07
CVE-2021-24778 Tradetracker-Store < 4.6.60 - Admin+ SQL Injection — Tradetracker-StoreCWE-89 7.2 -2022-03-07
CVE-2021-24777 Hotscot Contact Form < 1.3 - Admin+ SQL Injection — Hotscot Contact FormCWE-89 7.2 -2022-03-07
CVE-2021-24216 All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCE — All-in-One WP MigrationCWE-434 7.2 -2022-03-07
CVE-2022-23912 AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting — Testimonial WordPress Plugin – AP Custom TestimonialCWE-79 6.1 -2022-02-28
CVE-2022-23911 AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection — Testimonial WordPress Plugin – AP Custom TestimonialCWE-89 7.2 -2022-02-28
CVE-2022-0411 Asgaros Forum < 2.0.0 - Subscriber+ Blind SQL Injection — Asgaros ForumCWE-89 8.8 -2022-02-28
CVE-2022-0385 Crazy Bone <= 0.6.0 - Unauthenticated Stored XSS — Crazy BoneCWE-79 6.1 -2022-02-28
CVE-2022-0383 WP Review Slider < 11.0 - Admin+ SQL Injection — WP Review SliderCWE-89 7.2 -2022-02-28
CVE-2022-0377 LearnPress < 4.1.5 - Arbitrary Image Renaming — LearnPress 4.3 -2022-02-28
CVE-2022-0360 WP Ultimate CSV Importer < 6.4.3 - Admin+ Stored Cross-Site Scripting — Easy Drag And drop All Import : WP Ultimate CSV ImporterCWE-79 4.8 -2022-02-28
CVE-2022-0345 Better Notifications for WP < 1.8.7 - Email Address Disclosure — Customize WordPress Emails and Alerts 4.3 -2022-02-28
CVE-2022-0328 Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF — Simple MembershipCWE-352 4.3 -2022-02-28
CVE-2022-0189 WP RSS Aggregator < 4.20 - Reflected Cross-Site Scripting (XSS) — WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and MoreCWE-79 6.1 -2022-02-28
CVE-2022-0150 WP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS) — WP Accessibility Helper (WAH)CWE-79 6.1 -2022-02-28
CVE-2021-4222 WP Paginate < 2.1.4 - Admin+ Stored Cross-Site Scripting — WP-PaginateCWE-79 4.8 -2022-02-28
CVE-2021-25118 Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure — Yoast SEOCWE-200 5.3 -2022-02-28
CVE-2021-25112 WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS) — WHMCS BridgeCWE-79 6.1 -2022-02-28
CVE-2021-25081 WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF — Maps Plugin using Google Maps for WordPress – WP Google MapCWE-352 6.5 -2022-02-28
CVE-2021-25042 WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS — WP Visitor Statistics (Real Time Traffic)CWE-862 5.4 -2022-02-28
CVE-2021-25034 WP User < 7.0 - Reflected Cross-Site Scripting — WP User – Custom Registration Forms, Login and User ProfileCWE-79 6.1 -2022-02-28
CVE-2021-25011 WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update — Maps Plugin using Google Maps for WordPress – WP Google MapCWE-862 5.7 -2022-02-28
CVE-2021-25010 Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting — Post SnippetsCWE-352 8.2 -2022-02-28
CVE-2021-24994 WPvivid Backup and Migration Plugin < 0.9.69 - Unauthenticated Stored Cross-Site Scripting — Migration, Backup, Staging – WPvivid Backup and Migration PluginCWE-79 6.1 -2022-02-28
CVE-2021-24977 Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending — Use Any Font | Custom Font UploaderCWE-862 6.1 -2022-02-28
CVE-2021-24971 WP Responsive Menu < 3.1.7.1 - Subscriber+ Settings Update to Stored XSS — WP Responsive MenuCWE-79 5.4 -2022-02-28
CVE-2021-24933 Dynamic Widgets <= 1.5.16 - Reflected Cross-Site Scripting — Dynamic WidgetsCWE-79 5.4 -2022-02-28
CVE-2021-24920 StatCounter < 2.0.7 - Admin+ Stored Cross-Site Scripting — StatCounter – Free Real Time Visitor StatsCWE-79 4.8 -2022-02-28
CVE-2021-24913 Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF — Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo GridCWE-352 4.3 -2022-02-28

This page lists every published CVE security advisory associated with unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.