Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

UNKNOWN — Vulnerabilities & Security Advisories 4139

Browse all 4139 CVE security advisories affecting UNKNOWN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by UNKNOWN:Contest GalleryDownload ManagerTutor LMS – eLearning and online course solutionEventONModern Events Calendar Litewp-eMemberAI ChatBotElementor Website BuilderNinja Forms Contact Form – The Drag and Drop Form Builder for WordPressWelcart e-CommerceLogo SliderForm Maker by 10WebBooster for WooCommerceYi Technologywp-cart-for-digital-productswp-affiliate-platformPhoto Gallery by 10WebMapPress Maps for WordPressEventPrimePopup boxWPQA BuilderWP MultiTaskingPhoto Gallery by 10Web – Mobile-Friendly Image GallerySalon booking systemSimple Download MonitorAutoptimizeVikBooking Hotel Booking Engine & PMSLearnPressNewsletter PopupNinja Forms
CVE IDTitleCVSSSeverityPublished
CVE-2022-2449 reSmush.it Image Optimizer < 0.4.7 - Multiple CSRF — reSmush.it : the only free Image Optimizer & compress pluginCWE-352 6.5 -2022-11-14
CVE-2022-2450 reSmush.it Image Optimizer < 0.4.4 - Subscriber+ AJAX Calls — reSmush.it : the only free Image Optimizer & compress pluginCWE-862 4.3 -2022-11-14
CVE-2022-3415 Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting — Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me backCWE-79 6.1 -2022-11-14
CVE-2022-3469 WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting — WP AttachmentsCWE-79 4.8 -2022-11-14
CVE-2022-3484 WPB Show Core - Reflected Cross-Site Scripting — wpb-show-coreCWE-79 6.1 -2022-11-14
CVE-2022-3538 Webmaster Tools Verification <= 1.2 - Unauthenticated Arbitrary Plugin Deactivation — Webmaster Tools VerificationCWE-862 7.5 -2022-11-14
CVE-2022-3539 Testimonials (Free < 2.7, Pro < 1.0.8) - Admin+ Stored Cross-Site Scripting — TestimonialsCWE-79 4.8 -2022-11-14
CVE-2022-3574 WPForms Pro < 1.7.7 - CSV Injection — WPForms ProCWE-1236 9.8 -2022-11-14
CVE-2022-3578 ProfileGrid < 5.1.1 - Reflected Cross-Site Scripting — ProfileGrid – User Profiles, Memberships, Groups and CommunitiesCWE-79 6.1 -2022-11-14
CVE-2022-3631 OAuth Client by DigitialPixies <= 1.1.0 - Admin+ Stored Cross-Site Scripting — OAuth Client by DigitialPixiesCWE-79 4.8 -2022-11-14
CVE-2022-3632 OAuth Client by DigitialPixies <= 1.1.0 - CSRF — OAuth Client by DigitialPixiesCWE-352 6.5 -2022-11-14
CVE-2022-2387 Easy Digital Downloads < 3.0 - Arbitrary Post Deletion via CSRF — Easy Digital Downloads – Simple eCommerce for Selling Digital FilesCWE-352 4.3 -2022-11-07
CVE-2022-2711 WP All Import < 3.6.9 - Admin+ Directory traversal via file upload — Import any XML or CSV File to WordPressCWE-22 7.2 -2022-11-07
CVE-2022-3418 WP All Import < 3.6.9 - Admin+ Arbitrary File Upload to RCE — Import any XML or CSV File to WordPressCWE-94 7.2 -2022-11-07
CVE-2022-3451 Product Stock Manager < 1.0.5 - Subscriber+ Unauthorised AJAX Calls — Product Stock ManagerCWE-862 4.3 -2022-11-07
CVE-2022-3462 Highlight Focus <= 1.1 - Admin+ Stored Cross Site Scripting — Highlight FocusCWE-79 4.8 -2022-11-07
CVE-2022-3463 FluentForm < 4.3.13 - CSV Injection — Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent FormsCWE-1236 8.8 -2022-11-07
CVE-2022-3481 WooCommerce Dropshipping < 4.4 - Unauthenticated SQLi — WooCommerce Dropshipping 9.8 -2022-11-07
CVE-2022-3489 WP Hide <= 0.0.2 - Unauthenticated Settings Update — Wp-HideCWE-862 5.3 -2022-11-07
CVE-2022-3494 Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi — Complianz – GDPR/CCPA Cookie ConsentCWE-89 8.8 -2022-11-07
CVE-2022-3536 Role Based Pricing for WooCommerce < 1.6.3 - Subscriber+ PHAR Deserialization — Role Based Pricing for WooCommerceCWE-502 8.8 -2022-11-07
CVE-2022-3537 Role Based Pricing for WooCommerce < 1.6.2 - Subscriber+ Arbitrary File Upload — Role Based Pricing for WooCommerceCWE-434 8.8 -2022-11-07
CVE-2022-3558 Import and export users and customers < 1.20.5 - Subscriber+ CSV Injection — Import and export users and customersCWE-1236 8.0 -2022-11-07
CVE-2022-2167 Newspaper < 12 - Reflected Cross-Site Scripting — NewspaperCWE-79 6.1 -2022-10-31
CVE-2022-2190 Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting — Gallery Plugin for WordPress – Envira Photo GalleryCWE-79 6.1 -2022-10-31
CVE-2022-2627 Newspaper < 12 - Reflected Cross-Site Scripting — NewspaperCWE-79 6.1 -2022-10-31
CVE-2022-3096 WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS — WP Total HacksCWE-862 5.4 -2022-10-31
CVE-2022-3237 WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting — WP Contact SliderCWE-79 4.8 -2022-10-31
CVE-2022-3254 AWP Classifieds Plugin < 4.3 - Unauthenticated SQLi — WordPress Classifieds Plugin – Ad Directory & Listings by AWP ClassifiedsCWE-89 9.8 -2022-10-31
CVE-2022-3334 Easy WP SMTP < 1.5.0 - Admin+ PHP Objection Injection — Easy WP SMTPCWE-502 7.2 -2022-10-31

This page lists every published CVE security advisory associated with UNKNOWN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.