Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

unknown — Vulnerabilities & Security Advisories 4164

Browse all 4164 CVE security advisories affecting unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by unknown: Contest Gallery Download Manager Tutor LMS – eLearning and online course solution Modern Events Calendar Lite EventON AI ChatBot wp-eMember Elementor Website Builder Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Logo Slider Welcart e-Commerce Photo Gallery by 10Web Autoptimize Booster for WooCommerce wp-cart-for-digital-products wp-affiliate-platform Form Maker by 10Web Yi Technology Salon booking system MapPress Maps for WordPress EventPrime Frontend File Manager Plugin Popup box WP MultiTasking Simple Download Monitor VikBooking Hotel Booking Engine & PMS Photo Gallery by 10Web – Mobile-Friendly Image Gallery WPQA Builder Himer Simple Membership
CVE IDTitleCVSSSeverityPublished
CVE-2021-25023 Speed Booster Pack < 4.3.3.1 - Admin+ SQL Injection — Speed Booster Pack ⚡ PageSpeed Optimization SuiteCWE-89 7.2 -2022-01-03
CVE-2021-25021 OMGF < 4.5.12 - Admin+ Arbitrary Folder Deletion via Path Traversal — OMGF | Host Google Fonts LocallyCWE-22 4.9 -2022-01-03
CVE-2021-25020 CAOS < 4.1.9 - Admin+ Arbitrary Folder Deletion via Path Traversal — CAOS | Host Google Analytics LocallyCWE-22 4.9 -2022-01-03
CVE-2021-25001 Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in Product XML Feeds Module — Booster for WooCommerceCWE-79 6.1 -2022-01-03
CVE-2021-25016 Chaty < 2.8.3 - Reflected Cross-Site Scripting — Floating Chat Widget: Contact Icons, Messages, Telegram, Email, SMS, Call Button – ChatyCWE-79 6.1 -2022-01-03
CVE-2021-25000 Booster for WooCommerce < 5.4.9 - Reflected Cross-Site Scripting in General Module — Booster for WooCommerceCWE-79 6.1 -2022-01-03
CVE-2021-24991 WooCommerce PDF Invoices & Packing Slips < 2.10.5 - Reflected Cross-Site Scripting — WooCommerce PDF Invoices & Packing SlipsCWE-79 6.1 -2022-01-03
CVE-2021-24999 Booster for Woocommerce < 5.4.9 - Reflected Cross-Site Scripting in PDF Invoicing Module — Booster for WooCommerceCWE-79 6.1 -2022-01-03
CVE-2021-24973 Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting — Site ReviewsCWE-79 6.1 -2022-01-03
CVE-2021-24964 LiteSpeed Cache < 4.4.4 - IP Check Bypass to Unauthenticated Stored XSS — LiteSpeed CacheCWE-79 6.1 -2022-01-03
CVE-2021-24963 LiteSpeed Cache < 4.4.4 - Admin+ Reflected Cross-Site Scripting — LiteSpeed CacheCWE-79 6.1 -2022-01-03
CVE-2021-24893 Stars Rating < 3.5.1 - Comments Denial of Service — Stars RatingCWE-400 8.2 -2022-01-03
CVE-2021-24831 Tab - Accordion, FAQ < 1.3.2 - Unauthenticated AJAX Calls — Tab – Accordion, FAQCWE-862 7.5 -2022-01-03
CVE-2021-24828 Mortgage Calculator / Loan Calculator < 1.5.17 - Contributor+ Stored Cross-Site Scripting — Mortgage Calculator / Loan CalculatorCWE-79 5.4 -2022-01-03
CVE-2021-24786 Download Monitor < 4.4.5 - Admin+ SQL Injection — Download MonitorCWE-89 7.2 -2022-01-03
CVE-2021-24680 WP Travel Engine < 5.3.1 - Editor+ Stored Cross-Site Scripting — WP Travel Engine – Travel and Tour Booking PluginCWE-79 5.4 -2022-01-03
CVE-2021-24997 WP Guppy < 1.3 - Sensitive Information Disclosure — WP GuppyCWE-862 6.5 -2021-12-27
CVE-2021-24998 Simple JWT Login < 3.3.0 - Insecure Password Creation — Simple JWT Login 9.8 -2021-12-27
CVE-2021-24992 Buttonizer - Smart Floating Action Button < 2.5.5 - Admin+ Stored Cross-Site Scripting — Smart Floating / Sticky Buttons – Call, Sharing, Chat Widgets & More – ButtonizerCWE-79 4.8 -2021-12-27
CVE-2021-24984 WPFront User Role Editor < 3.2.1.11184 - Reflected Cross-Site Scripting — WPFront User Role EditorCWE-79 6.1 -2021-12-27
CVE-2021-24988 WP RSS Aggregator < 4.19.3 - Subscriber+ Stored Cross-Site Scripting — WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and MoreCWE-79 5.4 -2021-12-27
CVE-2021-24980 Gwolle Guestbook < 4.2.0 - Reflected Cross-Site Scripting — Gwolle GuestbookCWE-79 6.1 -2021-12-27
CVE-2021-24979 Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting — Paid Memberships ProCWE-79 6.1 -2021-12-27
CVE-2021-24967 Contact Form & Lead Form Elementor Builder < 1.6.4 - Unauthenticated Stored Cross-Site Scripting — Contact Form & Lead Form Elementor BuilderCWE-79 6.1 -2021-12-27
CVE-2021-24969 Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting — WordPress Download ManagerCWE-79 5.4 -2021-12-27
CVE-2021-24902 Typebot < 1.4.3 - Admin+ Stored Cross Site Scripting — Typebot | Build beautiful conversational formsCWE-79 4.8 -2021-12-27
CVE-2021-24797 Tickera < 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting — Tickera – WordPress Event TicketingCWE-79 6.1 -2021-12-27
CVE-2021-24753 Rich Reviews by Starfish < 1.9.6 - Admin+ SQL Injection — Rich Reviews by StarfishCWE-89 7.2 -2021-12-27
CVE-2021-24981 Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload — Directorist – Business Directory PluginCWE-434 8.8 -2021-12-21
CVE-2021-24956 Blog2Social < 6.8.7 - Reflected Cross-Site Scripting — Blog2Social: Social Media Auto Post & SchedulerCWE-79 6.1 -2021-12-21

This page lists every published CVE security advisory associated with unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.