Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Unknown — Vulnerabilities & Security Advisories 4139

Browse all 4139 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Unknown:Contest GalleryDownload ManagerTutor LMS – eLearning and online course solutionEventONModern Events Calendar Litewp-eMemberAI ChatBotElementor Website BuilderNinja Forms Contact Form – The Drag and Drop Form Builder for WordPressWelcart e-CommerceLogo SliderForm Maker by 10WebBooster for WooCommerceYi Technologywp-cart-for-digital-productswp-affiliate-platformPhoto Gallery by 10WebMapPress Maps for WordPressEventPrimePopup boxWPQA BuilderWP MultiTaskingPhoto Gallery by 10Web – Mobile-Friendly Image GallerySalon booking systemSimple Download MonitorAutoptimizeVikBooking Hotel Booking Engine & PMSLearnPressNewsletter PopupNinja Forms
CVE IDTitleCVSSSeverityPublished
CVE-2021-24826 Custom Content Shortcode < 4.0.2 - Authenticated Stored Cross-Site Scripting — Custom Content ShortcodeCWE-79 5.4 -2022-03-07
CVE-2021-24825 Custom Content Shortcode < 4.0.2 - Authenticated Arbitrary File Access / LFI — Custom Content ShortcodeCWE-345 4.3 -2022-03-07
CVE-2021-24824 Custom Content Shortcode < 4.0.1 - Unauthorised Arbitrary Post Metadata Access — Custom Content ShortcodeCWE-863 4.3 -2022-03-07
CVE-2021-24821 Cost Calculator < 1.6 - Contributor+ Stored Cross-Site Scripting — Cost CalculatorCWE-79 5.4 -2022-03-07
CVE-2021-24810 WP Event Manager < 3.1.23 - Admin+ Stored Cross-Site Scripting — WP Event Manager – Easily Build your Calendar of Events!CWE-79 4.8 -2022-03-07
CVE-2021-24778 Tradetracker-Store < 4.6.60 - Admin+ SQL Injection — Tradetracker-StoreCWE-89 7.2 -2022-03-07
CVE-2021-24777 Hotscot Contact Form < 1.3 - Admin+ SQL Injection — Hotscot Contact FormCWE-89 7.2 -2022-03-07
CVE-2021-24216 All-in-One WP Migration < 7.41 - Admin+ Arbitrary File Upload to RCE — All-in-One WP MigrationCWE-434 7.2 -2022-03-07
CVE-2022-23912 AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting — Testimonial WordPress Plugin – AP Custom TestimonialCWE-79 6.1 -2022-02-28
CVE-2022-23911 AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection — Testimonial WordPress Plugin – AP Custom TestimonialCWE-89 7.2 -2022-02-28
CVE-2022-0411 Asgaros Forum < 2.0.0 - Subscriber+ Blind SQL Injection — Asgaros ForumCWE-89 8.8 -2022-02-28
CVE-2022-0385 Crazy Bone <= 0.6.0 - Unauthenticated Stored XSS — Crazy BoneCWE-79 6.1 -2022-02-28
CVE-2022-0383 WP Review Slider < 11.0 - Admin+ SQL Injection — WP Review SliderCWE-89 7.2 -2022-02-28
CVE-2022-0377 LearnPress < 4.1.5 - Arbitrary Image Renaming — LearnPress 4.3 -2022-02-28
CVE-2022-0360 WP Ultimate CSV Importer < 6.4.3 - Admin+ Stored Cross-Site Scripting — Easy Drag And drop All Import : WP Ultimate CSV ImporterCWE-79 4.8 -2022-02-28
CVE-2022-0345 Better Notifications for WP < 1.8.7 - Email Address Disclosure — Customize WordPress Emails and Alerts 4.3 -2022-02-28
CVE-2022-0328 Simple Membership < 4.0.9 - Arbitrary Member Deletion via CSRF — Simple MembershipCWE-352 4.3 -2022-02-28
CVE-2022-0189 WP RSS Aggregator < 4.20 - Reflected Cross-Site Scripting (XSS) — WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and MoreCWE-79 6.1 -2022-02-28
CVE-2022-0150 WP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS) — WP Accessibility Helper (WAH)CWE-79 6.1 -2022-02-28
CVE-2021-4222 WP Paginate < 2.1.4 - Admin+ Stored Cross-Site Scripting — WP-PaginateCWE-79 4.8 -2022-02-28
CVE-2021-25118 Yoast SEO 16.7-17.2 - Unauthenticated Full Path Disclosure — Yoast SEOCWE-200 5.3 -2022-02-28
CVE-2021-25112 WHMCS Bridge < 6.4b - Reflected Cross-Site Scripting (XSS) — WHMCS BridgeCWE-79 6.1 -2022-02-28
CVE-2021-25081 WP Google Map < 1.8.4 - Arbitrary Post Deletion and Plugin's Settings Update via CSRF — Maps Plugin using Google Maps for WordPress – WP Google MapCWE-352 6.5 -2022-02-28
CVE-2021-25042 WP Visitor Statistics (Real Time Traffic) < 5.5 - Arbitrary IP Address Exclusion to Stored XSS — WP Visitor Statistics (Real Time Traffic)CWE-862 5.4 -2022-02-28
CVE-2021-25034 WP User < 7.0 - Reflected Cross-Site Scripting — WP User – Custom Registration Forms, Login and User ProfileCWE-79 6.1 -2022-02-28
CVE-2021-25011 WP Google Map < 1.8.1 - Subscriber+ Arbitrary Post Deletion and Plugin's Settings Update — Maps Plugin using Google Maps for WordPress – WP Google MapCWE-862 5.7 -2022-02-28
CVE-2021-25010 Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting — Post SnippetsCWE-352 8.2 -2022-02-28
CVE-2021-24994 WPvivid Backup and Migration Plugin < 0.9.69 - Unauthenticated Stored Cross-Site Scripting — Migration, Backup, Staging – WPvivid Backup and Migration PluginCWE-79 6.1 -2022-02-28
CVE-2021-24977 Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Appending — Use Any Font | Custom Font UploaderCWE-862 6.1 -2022-02-28
CVE-2021-24971 WP Responsive Menu < 3.1.7.1 - Subscriber+ Settings Update to Stored XSS — WP Responsive MenuCWE-79 5.4 -2022-02-28

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.