UNKNOWN — Vulnerabilities & Security Advisories 4139

Browse all 4139 CVE security advisories affecting UNKNOWN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID	Title	CVSS	Severity	Published
CVE-2022-1546	WooCommerce - Product Importer <= 1.5.2 - Reflected Cross-Site Scripting — WooCommerce – Product ImporterCWE-79	6.1	-	2022-07-11
CVE-2022-1474	WP Event Manager < 3.1.28 - Reflected Cross-Site Scripting — WP Event Manager – Easily Build your Calendar of Events!CWE-79	6.1	-	2022-07-11
CVE-2022-1220	FoxyShop < 4.8.2 - Reflected Cross-Site Scripting — FoxyShopCWE-79	6.1	-	2022-07-11
CVE-2022-1057	Pricing Deals for WooCommerce <= 2.0.2.02 - Unauthenticated SQLi — Pricing Deals for WooCommerceCWE-89	9.8	-	2022-07-11
CVE-2022-2268	WP All Import < 3.6.8 - Admin+ Arbitrary File Upload — Import any XML or CSV File to WordPressCWE-434	7.2	-	2022-07-04
CVE-2022-1967	WP Championship < 9.3 - Multiple CSRF — WP ChampionshipCWE-352	6.5	-	2022-07-04
CVE-2022-1946	Gallery < 2.0.0 - Reflected Cross-Site Scripting — Gallery – Image and Video Gallery with ThumbnailsCWE-79	6.1	-	2022-07-04
CVE-2022-1301	WP Contact Slider < 2.4.7 - Editor+ Stored Cross-Site Scripting — WP Contact SliderCWE-79	4.8	-	2022-07-04
CVE-2022-0250	Redirection for Contact Form 7 < 2.5.0 - Reflected Cross-Site Scripting — Redirection for Contact Form 7CWE-79	6.1	-	2022-07-04
CVE-2021-25066	Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-79	4.8	-	2022-07-04
CVE-2021-25056	Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-79	4.8	-	2022-07-04
CVE-2022-2041	Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element Content — Brizy – Page BuilderCWE-79	5.4	-	2022-06-27
CVE-2022-2040	Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL — Brizy – Page BuilderCWE-79	5.4	-	2022-06-27
CVE-2022-1995	miniOrange's Malware Scanner < 4.5.2 - Admin+ Stored Cross-Site Scripting — Malware ScannerCWE-79	4.8	-	2022-06-27
CVE-2022-1994	Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting — Login With OTP Over SMS, Email, WhatsApp and Google AuthenticatorCWE-79	4.8	-	2022-06-27
CVE-2022-1990	Nested Pages < 3.1.21 - Admin+ Stored Cross Site Scripting — Nested PagesCWE-79	4.8	-	2022-06-27
CVE-2022-1977	WP Ultimate CSV Importer < 6.5.3 - Admin+ Blind SSRF — Import Export All WordPress Images, Users & Post TypesCWE-918	6.5	-	2022-06-27
CVE-2022-1971	NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS — NextCellent Gallery – NextGEN LegacyCWE-79	4.8	-	2022-06-27
CVE-2022-1964	Easy SVG Support < 3.3.0 - Author+ Stored Cross Site Scripting via SVG — Easy SVG SupportCWE-79	5.4	-	2022-06-27
CVE-2022-1960	MyCSS <= 1.1 - Arbitrary Settings Update via CSRF — MyCSSCWE-352	4.3	-	2022-06-27
CVE-2022-1953	Product Configurator for WooCommerce < 1.2.32 - Unauthenticated Arbitrary File Deletion — Product Configurator for WooCommerceCWE-22	9.1	-	2022-06-27
CVE-2022-1916	Active Products Tables for WooCommerce < 1.0.5 - Reflected Cross-Site-Scripting — Active Products Tables for WooCommerce. Professional products tables for WooCommerce storeCWE-79	6.1	-	2022-06-27
CVE-2022-1914	Clean-Contact <= 1.6 - Arbitrary Settings Update to Stored XSS via CSRF — Clean-ContactCWE-352	5.4	-	2022-06-27
CVE-2022-1913	Add Post URL <= 2.1.0 - Arbitrary Settings Update to Stored XSS via CSRF — Add Post URLCWE-352	5.4	-	2022-06-27
CVE-2022-1904	Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting — Pricing Tables WordPress Plugin – Easy Pricing TablesCWE-79	6.1	-	2022-06-27
CVE-2022-1903	ARMember < 3.4.8 - Unauthenticated Admin Account Takeover — ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signupCWE-862	8.1	-	2022-06-27
CVE-2022-1885	Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF — Cimy Header Image RotatorCWE-352	4.3	-	2022-06-27
CVE-2022-1847	Rotating Posts <= 1.11 - Arbitrary Settings Update to Stored XSS via CSRF — Rotating PostsCWE-352	4.3	-	2022-06-27
CVE-2022-1846	Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF — Tiny Contact FormCWE-352	4.3	-	2022-06-27
CVE-2022-1845	WP Post Styling < 1.3.1 - Multiple CSRF — WP Post StylingCWE-352	6.5	-	2022-06-27

This page lists every published CVE security advisory associated with UNKNOWN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

UNKNOWN — Vulnerabilities & Security Advisories 4139