Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

UNKNOWN — Vulnerabilities & Security Advisories 4139

Browse all 4139 CVE security advisories affecting UNKNOWN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by UNKNOWN:Contest GalleryDownload ManagerTutor LMS – eLearning and online course solutionEventONModern Events Calendar Litewp-eMemberAI ChatBotElementor Website BuilderNinja Forms Contact Form – The Drag and Drop Form Builder for WordPressWelcart e-CommerceLogo SliderForm Maker by 10WebBooster for WooCommerceYi Technologywp-cart-for-digital-productswp-affiliate-platformPhoto Gallery by 10WebMapPress Maps for WordPressEventPrimePopup boxWPQA BuilderWP MultiTaskingPhoto Gallery by 10Web – Mobile-Friendly Image GallerySalon booking systemSimple Download MonitorAutoptimizeVikBooking Hotel Booking Engine & PMSLearnPressNewsletter PopupNinja Forms
CVE IDTitleCVSSSeverityPublished
CVE-2022-3149 WP Custom Cursors < 3.0.1 - Stored Cross-Site Scripting via CSRF — WP Custom CursorsCWE-352 6.1 -2022-10-17
CVE-2022-3150 WP Custom Cursors < 3.2 - Admin+ SQLi — WP Custom Cursors | WordPress Cursor Plugin 7.2 -2022-10-17
CVE-2022-3151 WP Custom Cursors < 3.0.1 - Arbitrary Cursor Deletion via CSRF — WP Custom CursorsCWE-352 6.5 -2022-10-17
CVE-2022-3206 Passster < 3.5.5.5.2 - Insecure Storage of Password — Passster 7.5 -2022-10-17
CVE-2022-3243 Import all XML, CSV & TXT into WordPress < 6.5.8 - Admin+ SQLi — Import all XML, CSV & TXT into WordPressCWE-89 7.2 -2022-10-17
CVE-2022-3244 Import all XML, CSV & TXT into WordPress < 6.5.8 - Missing Authorisation — Import all XML, CSV & TXT into WordPressCWE-862 4.2 -2022-10-17
CVE-2022-3282 Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass — Drag and Drop Multiple File Upload – Contact Form 7CWE-639 8.1 -2022-10-17
CVE-2021-25044 Cryptocurrency Pricing list and Ticker <= 1.5 - Reflected Cross-Site Scripting — Cryptocurrency Pricing list and TickerCWE-79 6.1 -2022-10-10
CVE-2022-2350 Disable User Login <= 1.0.1 - Unauthenticated Settings Update — Disable User LoginCWE-862 5.3 -2022-10-10
CVE-2022-2448 reSmush.it Image Optimizer < 0.4.6 - Admin+ Cross-Site Scripting — reSmush.it : the only free Image Optimizer & compress pluginCWE-79 4.8 -2022-10-10
CVE-2022-2554 Enable Media Replace < 4.0.0 - Admin+ Path Traversal — Enable Media ReplaceCWE-22 4.9 -2022-10-10
CVE-2022-2629 Top Bar < 3.0.4 - Admin+ Stored Cross-Site Scripting — Top BarCWE-79 4.8 -2022-10-10
CVE-2022-2823 Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting — Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress PluginCWE-79 4.8 -2022-10-10
CVE-2022-2891 WP 2FA < 2.3.0 - Time-Based Side-Channel Attack — WP 2FA 5.9 -2022-10-10
CVE-2022-2981 Download Monitor < 4.5.98 - Admin+ Arbitrary File Download — Download MonitorCWE-552 4.9 -2022-10-10
CVE-2022-3136 Social Rocket < 1.3.3 - Admin+ Stored Cross-Site Scripting — Social Rocket – Social Sharing PluginCWE-79 4.8 -2022-10-10
CVE-2022-3137 TaskBuilder < 1.0.8 - Subscriber+ Stored XSS via SVG file upload — Taskbuilder – WordPress Project & Task Management pluginCWE-79 5.4 -2022-10-10
CVE-2022-3207 Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting — Simple File ListCWE-79 4.8 -2022-10-10
CVE-2022-3208 Simple File List < 4.4.13 - Page Creation via CSRF — Simple File ListCWE-352 6.5 -2022-10-10
CVE-2022-3209 Soledad < 8.2.5 - Reflected Cross-site Scripting — soledadCWE-79 6.1 -2022-10-10
CVE-2022-3220 Advanced Comment Form < 1.2.1 - Admin+ Authenticated Stored XSS — Advanced Comment FormCWE-79 4.8 -2022-10-10
CVE-2022-3132 Goolytics - Simple Google Analytics < 1.1.2 - Admin+ Stored Cross-Site Scripting — Goolytics – Simple Google AnalyticsCWE-79 4.8 -2022-10-03
CVE-2022-3128 Donation Thermometer < 2.1.3 - Admin+ Stored Cross-Site Scripting — Donation ThermometerCWE-79 4.8 -2022-10-03
CVE-2022-3125 Frontend File Manager < 21.3 - Subscriber+ Arbitrary File Upload — Frontend File Manager PluginCWE-434 8.8 -2022-10-03
CVE-2022-3124 Frontend File Manager < 21.3 - Unauthenticated File Renaming — Frontend File Manager PluginCWE-862 5.3 -2022-10-03
CVE-2022-2839 Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS — Zephyr Project ManagerCWE-79 6.1 -2022-10-03
CVE-2022-2763 WP Socializer < 7.3 - Admin+ Stored Cross-Site Scripting — WP Socializer – Simple & Easy Social Media Share IconsCWE-79 4.8 -2022-10-03
CVE-2022-2628 DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting — DSGVO All in one for WPCWE-79 4.8 -2022-10-03
CVE-2022-3135 SEO Smart Links <= 3.0.1 - Admin+ Stored Cross-Site Scripting — SEO Smart LinksCWE-79 4.8 -2022-09-26
CVE-2022-3119 OAuth client Single Sign On for WordPress < 3.0.4 - Unauthenticated Settings Update to Authentication Bypass — OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO )CWE-287 9.1 -2022-09-26

This page lists every published CVE security advisory associated with UNKNOWN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.