Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

unknown — Vulnerabilities & Security Advisories 4152

Browse all 4152 CVE security advisories affecting unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

“Unknown” represents a broad category of unclassified or poorly documented software components, currently associated with 4,141 recorded CVEs. These vulnerabilities typically stem from legacy architectures or proprietary systems lacking transparent security audits. Common flaw classes include remote code execution, cross-site scripting, and privilege escalation, often resulting from inadequate input validation or hardcoded credentials. Due to the opaque nature of these products, detailed security characteristics are frequently absent, making risk assessment difficult for organizations. Major incidents involving “Unknown” entities often highlight systemic failures in patch management and vendor accountability. The sheer volume of vulnerabilities suggests widespread reliance on unsupported or obscure technologies within critical infrastructure. Addressing these risks requires rigorous inventory management and proactive threat hunting, as standard mitigation strategies may not apply to such undefined software ecosystems.

Top products by unknown: Contest Gallery Download Manager EventON Tutor LMS – eLearning and online course solution Modern Events Calendar Lite AI ChatBot wp-eMember Logo Slider Welcart e-Commerce Elementor Website Builder Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress Photo Gallery by 10Web Booster for WooCommerce Autoptimize Form Maker by 10Web wp-affiliate-platform wp-cart-for-digital-products Yi Technology VikBooking Hotel Booking Engine & PMS Popup box Frontend File Manager Plugin WP MultiTasking Salon booking system Simple Download Monitor Photo Gallery by 10Web – Mobile-Friendly Image Gallery WPQA Builder MapPress Maps for WordPress EventPrime Blog2Social: Social Media Auto Post & Scheduler Ditty
CVE IDTitleCVSSSeverityPublished
CVE-2022-1581 WP-Polls < 2.76.0 - IP Validation Bypass — WP-Polls 5.3 -2022-11-21
CVE-2022-3336 Event Monster < 1.2.0 - Visitors Deletion via CSRF — Event Monster 4.3 -2022-11-21
CVE-2022-3600 Easy Digital Downloads < 3.1.0.2 - Unauthenticated CSV Injection — Easy Digital Downloads 9.8 -2022-11-21
CVE-2022-3618 Spacer < 3.0.7 - Admin+ Stored XSS — Spacer 4.8 -2022-11-21
CVE-2022-3634 Contact Form 7 Database Addon < 1.2.6.5 - CSV Injection — Contact Form 7 Database Addon 9.8 -2022-11-21
CVE-2022-3688 WPQA < 5.9 - Follow/Unfollow via CSRF — WPQA Builder 8.8 -2022-11-21
CVE-2022-3690 Popup Maker < 1.16.11 - Contributor+ Stored Cross Site Scripting — Popup Maker 5.4 -2022-11-21
CVE-2022-3691 DeepL Pro API Translation < 1.7.5 - API Key Disclosure — DeepL Pro API translation plugin 7.5 -2022-11-21
CVE-2022-3720 Event Monster < 1.2.1 - Admin+ SQLi — Event Monster 7.2 -2022-11-21
CVE-2022-3750 Ask Me < 6.8.7 - Post Deletion via CSRF — Ask me 4.7 -2022-11-21
CVE-2022-3753 Evaluate <= 1.0 - Admin+ Stored Cross-Site Scripting — Evaluate 4.8 -2022-11-21
CVE-2022-3762 Booster for WooCommerce - ShopManager+ Arbitrary File Download — Booster for WooCommerce 7.5 -2022-11-21
CVE-2022-3763 Booster for WooCommerce - Checkout Files Deletion via CSRF — Booster for WooCommerce 6.5 -2022-11-21
CVE-2022-2449 reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF — reSmush.it : the only free Image Optimizer & compress pluginCWE-352 6.5 -2022-11-14
CVE-2022-2450 reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls — reSmush.it : the only free Image Optimizer & compress pluginCWE-862 4.3 -2022-11-14
CVE-2022-3415 Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting — Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me backCWE-79 6.1 -2022-11-14
CVE-2022-3469 WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting — WP AttachmentsCWE-79 4.8 -2022-11-14
CVE-2022-3484 WPB Show Core - Reflected Cross-Site Scripting — wpb-show-coreCWE-79 6.1 -2022-11-14
CVE-2022-3538 Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation — Webmaster Tools VerificationCWE-862 7.5 -2022-11-14
CVE-2022-3539 Testimonials (Free < 2.7, Pro < 1.0.8) - Admin+ Stored Cross-Site Scripting — TestimonialsCWE-79 4.8 -2022-11-14
CVE-2022-3574 WPForms Pro < 1.7.7 - CSV Injection — WPForms ProCWE-1236 9.8 -2022-11-14
CVE-2022-3578 ProfileGrid < 5.1.1 - Reflected Cross-Site Scripting — ProfileGrid – User Profiles, Memberships, Groups and CommunitiesCWE-79 6.1 -2022-11-14
CVE-2022-3631 OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting — OAuth Client by DigitialPixiesCWE-79 4.8 -2022-11-14
CVE-2022-3632 OAuth Client by DigitialPixies <= 1.1.0 - CSRF — OAuth Client by DigitialPixiesCWE-352 6.5 -2022-11-14
CVE-2022-2387 Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF — Easy Digital Downloads – Simple eCommerce for Selling Digital FilesCWE-352 4.3 -2022-11-07
CVE-2022-2711 WP All Import < 3.6.9 - Admin+ Directory traversal via file upload — Import any XML or CSV File to WordPressCWE-22 7.2 -2022-11-07
CVE-2022-3418 WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE — Import any XML or CSV File to WordPressCWE-94 7.2 -2022-11-07
CVE-2022-3451 Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls — Product Stock ManagerCWE-862 4.3 -2022-11-07
CVE-2022-3462 Highlight Focus <= 1.1 - Admin+ Stored Cross Site Scripting — Highlight FocusCWE-79 4.8 -2022-11-07
CVE-2022-3463 FluentForm < 4.3.13 - CSV Injection — Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent FormsCWE-1236 8.8 -2022-11-07

This page lists every published CVE security advisory associated with unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.