Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

UNKNOWN — Vulnerabilities & Security Advisories 4139

Browse all 4139 CVE security advisories affecting UNKNOWN. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by UNKNOWN:Contest GalleryDownload ManagerTutor LMS – eLearning and online course solutionEventONModern Events Calendar Litewp-eMemberAI ChatBotElementor Website BuilderNinja Forms Contact Form – The Drag and Drop Form Builder for WordPressWelcart e-CommerceLogo SliderForm Maker by 10WebBooster for WooCommerceYi Technologywp-cart-for-digital-productswp-affiliate-platformPhoto Gallery by 10WebMapPress Maps for WordPressEventPrimePopup boxWPQA BuilderWP MultiTaskingPhoto Gallery by 10Web – Mobile-Friendly Image GallerySalon booking systemSimple Download MonitorAutoptimizeVikBooking Hotel Booking Engine & PMSLearnPressNewsletter PopupNinja Forms
CVE IDTitleCVSSSeverityPublished
CVE-2022-1844 WP Sentry <= 1.0 - Arbitrary Settings Update to Stored XSS via CSRF — WP SentryCWE-352 5.4 -2022-06-27
CVE-2022-1843 MailPress <= 7.2.1 - Arbitrary Settings Update & Log Files Purge via CSRF — MailPressCWE-352 6.5 -2022-06-27
CVE-2022-1842 OpenBook Book Data <= 3.5.2 - Arbitrary Settings Update to Stored XSS via CSRF — OpenBook Book DataCWE-352 4.6 -2022-06-27
CVE-2022-1776 Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting — Popups, Welcome Bar, Optins and Lead Generation Plugin – IcegramCWE-79 5.4 -2022-06-27
CVE-2022-1653 Social Share Buttons by Supsystic < 2.2.4 - Multiple CSRF — Social Share Buttons by SupsysticCWE-352 4.3 -2022-06-27
CVE-2022-1627 My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF — My Private SiteCWE-352 4.3 -2022-06-27
CVE-2022-1625 New User Approve < 2.4 - Arbitrary Settings Update & Invitation Code Creation via CSRF — New User ApproveCWE-352 6.5 -2022-06-27
CVE-2022-1593 Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF — Site Offline or Coming SoonCWE-79 6.1 -2022-06-27
CVE-2022-1574 HTML2WP <= 1.0.0 - Unauthenticated Arbitrary File Upload — HTML2WP 9.8 -2022-06-27
CVE-2022-1573 HTML2WP <= 1.0.0 - Arbitrary Settings Update via CSRF — HTML2WPCWE-352 4.3 -2022-06-27
CVE-2022-1572 HTML2WP <= 1.0.0 - Subscriber+ Arbitrary File Deletion — HTML2WP 8.1 -2022-06-27
CVE-2022-1470 Ultimate WooCommerce CSV Importer <= 2.0 - Reflected Cross-Site Scripting — Ultimate WooCommerce CSV ImporterCWE-79 6.1 -2022-06-27
CVE-2022-1327 Image Gallery - Grid Gallery < 1.1.6 - Admin+ Stored Cross-Site Scripting — Image Gallery – Grid GalleryCWE-79 4.8 -2022-06-27
CVE-2022-1326 Form - Contact Form <= 1.2.0 - Admin+ Stored Cross-Site Scripting — Form – Contact FormCWE-79 4.8 -2022-06-27
CVE-2022-1321 miniOrange's Google Authenticator < 5.5.6 - Admin+ Stored Cross-Site Scripting — miniOrange's Google Authenticator – WordPress Two Factor Authentication (2FA , Two Factor, OTP SMS and Email) | Passwordless loginCWE-79 4.8 -2022-06-27
CVE-2022-1113 Flower Delivery by Florist One <= 3.7 - Admin+ Stored Cross-Site Scripting — Flower Delivery by Florist One 4.8 -2022-06-27
CVE-2022-1095 Mihdan: No External Links < 5.0.2 - Admin+ Stored Cross-Site Scripting — Mihdan: No External LinksCWE-79 4.8 -2022-06-27
CVE-2022-1029 Limit Login Attempts < 4.0.72 - Admin+ Stored Cross-Site Scripting — Limit Login AttemptsCWE-79 4.8 -2022-06-27
CVE-2022-1028 WordPress Security < 4.2.1 - Admin+ Stored Cross-Site Scripting — WordPress Security – Firewall, Malware Scanner, Secure Login and BackupCWE-79 4.8 -2022-06-27
CVE-2022-1010 Login using WordPress Users < 1.13.4 - Admin+ Stored Cross-Site Scripting — Login using WordPress Users ( WP as SAML IDP )CWE-79 4.8 -2022-06-27
CVE-2022-0875 miniOrange Google Authenticator < 1.0.5 - CSRF to Stored Cross-Site Scripting — Google AuthenticatorCWE-352 7.1 -2022-06-27
CVE-2022-0444 XCloner < 4.3.6 - Plugin Settings Reset — Backup, Restore and Migrate WordPress Sites With the XCloner Plugin 4.3 -2022-06-27
CVE-2022-1945 Coming Soon and Maintenance by Colorlib < 1.0.99 - Admin+ Stored Cross Site Scripting — Coming Soon & Maintenance Mode by ColorlibCWE-79 4.8 -2022-06-20
CVE-2022-1939 Allow SVG Files < 1.1 - Admin+ Arbitrary File Upload — Allow svg filesCWE-434 7.2 -2022-06-20
CVE-2022-1915 WP Zillow Review Slider < 2.4 - Admin+ Stored Cross-Site Scripting — WP Zillow Review SliderCWE-79 4.8 -2022-06-20
CVE-2022-1905 Events Made Easy < 2.2.81 - Unauthenticated SQLi — Events Made EasyCWE-89 9.8 -2022-06-20
CVE-2022-1896 underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting — underConstructionCWE-79 4.8 -2022-06-20
CVE-2022-1895 underConstruction < 1.20 - Construction Mode Deactivation via CSRF — underConstructionCWE-352 6.5 -2022-06-20
CVE-2022-1889 Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting — Newsletter – Send awesome emails from WordPressCWE-79 4.8 -2022-06-20
CVE-2022-1832 CaPa Protect <= 0.5.8.2 - Arbitrary Settings Update via CSRF — CaPa ProtectCWE-352 6.5 -2022-06-20

This page lists every published CVE security advisory associated with UNKNOWN. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.