unknown — Vulnerabilities & Security Advisories 4152

Browse all 4152 CVE security advisories affecting unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-25041	Photo Gallery by 10Web < 1.5.68 - Reflected Cross-Site Scripting (XSS) — Photo Gallery by 10Web – Mobile-Friendly Image GalleryCWE-79	6.1	-	2021-12-06
CVE-2021-24943	Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection — Registrations for the Events Calendar – Event Registration PluginCWE-89	9.8	-	2021-12-06
CVE-2021-24939	LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting — LoginWP (Formerly Peter's Login Redirect)CWE-79	6.1	-	2021-12-06
CVE-2021-24938	WooCommerce Currency Switcher < 1.3.7.1 - Reflected Cross-Site Scripting — WOOCS – Currency Switcher for WooCommerce. Professional and Free multi currency plugin – Pay in selected currencyCWE-79	5.4	-	2021-12-06
CVE-2021-24935	WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting — WP Google FontsCWE-79	6.1	-	2021-12-06
CVE-2021-24931	Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection — Secure Copy Content Protection and Content LockingCWE-89	9.8	-	2021-12-06
CVE-2021-24930	Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting — WordPress Online Booking and Scheduling Plugin – BooklyCWE-79	5.4	-	2021-12-06
CVE-2021-24924	Email Log < 2.4.8 - Reflected Cross-Site Scripting — Email LogCWE-79	6.1	-	2021-12-06
CVE-2021-24917	WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header — WPS Hide LoginCWE-863	7.5	-	2021-12-06
CVE-2021-24914	Tawk.to Live Chat < 0.6.0 - Subscriber+ Visitor Monitoring & Chat Removal — Tawk.To Live ChatCWE-862	7.3	-	2021-12-06
CVE-2021-24866	WP Data Access < 5.0.0 - Admin+ SQL Injection — WP Data AccessCWE-89	9.8	-	2021-12-06
CVE-2021-24759	PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting — PDF.js ViewerCWE-79	5.4	-	2021-12-06
CVE-2021-24718	ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting — Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form BuilderCWE-79	4.8	-	2021-12-06
CVE-2021-24714	WP All Import < 3.6.3 - Admin+ Stored Cross-Site Scripting — Import any XML or CSV File to WordPressCWE-79	4.8	-	2021-12-06
CVE-2015-20106	ClickBank Affiliate Ads <= 1.20 - Admin+ Stored Cross-Site Scripting — ClickBank Affiliate AdsCWE-79	4.8	-	2021-12-02
CVE-2015-20105	ClickBank Affiliate Ads <= 1.20 - CSRF to Stored Cross-Site Scripting — ClickBank Affiliate AdsCWE-79	6.1	-	2021-12-02
CVE-2020-35037	Events Manager < 5.9.8 - Cross-Site Scripting (XSS) — Events ManagerCWE-79	6.1	-	2021-12-01
CVE-2020-35012	Events Manager < 5.9.8 - Admin+ SQL Injection — Events ManagerCWE-89	7.2	-	2021-12-01
CVE-2021-24927	My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting — My CalendarCWE-79	5.4	-	2021-11-29
CVE-2021-24918	Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS — Smash Balloon Social Post FeedCWE-79	5.4	-	2021-11-29
CVE-2021-24915	Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure — Contest Gallery – Photo Contest Plugin for WordPressCWE-89	9.1	-	2021-11-29
CVE-2021-24908	Check & Log Email < 1.0.4 - Reflected Cross-Site Scripting — Check & Log EmailCWE-79	6.1	-	2021-11-29
CVE-2021-24899	Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting — Media TagsCWE-79	4.8	-	2021-11-29
CVE-2021-24889	Ninja Forms < 3.6.4 - Admin+ SQL Injection — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-89	7.2	-	2021-11-29
CVE-2021-24883	Popup Anything < 2.0.4 - Contributor+ Stored Cross-Site Scripting — Popup Anything – A Marketing PopupCWE-79	5.4	-	2021-11-29
CVE-2021-24876	Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting — Registrations for the Events Calendar – Event Registration PluginCWE-79	6.1	-	2021-11-29
CVE-2021-24860	BSK PDF Manager < 3.1.2 - Admin+ SQL Injection — BSK PDF ManagerCWE-89	7.2	-	2021-11-29
CVE-2021-24842	Bulk Datetime Change < 1.12 - Missing Authorisation — Bulk Datetime ChangeCWE-862	5.4	-	2021-11-29
CVE-2021-24822	Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS — Stylish Cost CalculatorCWE-79	5.4	-	2021-11-29
CVE-2021-24811	Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting — Shop Page WPCWE-79	4.8	-	2021-11-29

This page lists every published CVE security advisory associated with unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

unknown — Vulnerabilities & Security Advisories 4152