Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Unknown — Vulnerabilities & Security Advisories 4139

Browse all 4139 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Unknown:Contest GalleryDownload ManagerTutor LMS – eLearning and online course solutionEventONModern Events Calendar Litewp-eMemberAI ChatBotElementor Website BuilderNinja Forms Contact Form – The Drag and Drop Form Builder for WordPressWelcart e-CommerceLogo SliderForm Maker by 10WebBooster for WooCommerceYi Technologywp-cart-for-digital-productswp-affiliate-platformPhoto Gallery by 10WebMapPress Maps for WordPressEventPrimePopup boxWPQA BuilderWP MultiTaskingPhoto Gallery by 10Web – Mobile-Friendly Image GallerySalon booking systemSimple Download MonitorAutoptimizeVikBooking Hotel Booking Engine & PMSLearnPressNewsletter PopupNinja Forms
CVE IDTitleCVSSSeverityPublished
CVE-2022-0148 All-in-one Floating Contact Form < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS) — All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs – My Sticky ElementsCWE-79 5.4 -2022-02-07
CVE-2021-25108 IP2Location Country Blocker < 2.26.6 - Arbitrary Country Ban via CSRF — IP2Location Country BlockerCWE-352 7.1 -2022-02-07
CVE-2021-25114 Paid Memberships Pro < 2.6.7 - Unauthenticated Blind SQL Injection — Paid Memberships ProCWE-89 9.8 -2022-02-07
CVE-2021-25106 WPLegalPages < 2.7.1 - Subscriber+ Arbitrary Settings Update to Stored XSS — Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPagesCWE-79 5.4 -2022-02-07
CVE-2021-25105 Ivory Search < 5.4.1 - Multiple Admin+ Stored Cross-Site Scripting — Ivory Search – WordPress Search PluginCWE-79 4.8 -2022-02-07
CVE-2021-25103 GTranslate < 2.9.7 - Reflected Cross-Site Scripting — Translate WordPress with GTranslateCWE-79 6.1 -2022-02-07
CVE-2021-25096 IP2Location Country Blocker < 2.26.5 - Ban Bypass — IP2Location Country BlockerCWE-639 6.5 -2022-02-07
CVE-2021-25084 Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion — Advanced Cron ManagerCWE-862 4.3 -2022-02-07
CVE-2021-25077 Store Toolkit for WooCommerce < 2.3.2 - Reflected Cross-Site Scripting — Store Toolkit for WooCommerceCWE-79 6.1 -2022-02-07
CVE-2021-25029 Cluevo < 1.8.1 - Admin+ Stored Cross Site Scripting — CLUEVO LMS, E-Learning PlatformCWE-79 4.8 -2022-02-07
CVE-2021-25004 SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download — SEUR OficialCWE-552 4.9 -2022-02-07
CVE-2021-24947 RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read — RVM – Responsive Vector MapsCWE-863 6.5 -2022-02-07
CVE-2021-24993 Ultimate Product Catalog < 5.0.26 - Subscriber+ Arbitrary Product Creation & Settings Update — Ultimate Product Catalog – WordPress Catalog PluginCWE-862 4.3 -2022-02-07
CVE-2021-24928 Rearrange Woocommerce Products < 3.0.8 - Subscriber+ SQL Injection — Rearrange Woocommerce ProductsCWE-89 7.1 -2022-02-07
CVE-2021-24880 SupportCandy < 2.2.7 - Contributor+ Stored Cross-Site Scripting — SupportCandy – Helpdesk & Support Ticket SystemCWE-79 5.4 -2022-02-07
CVE-2021-24879 SupportCandy < 2.2.7 - CSRF to Cross-Site Scripting — SupportCandy – Helpdesk & Support Ticket SystemCWE-352 7.3 -2022-02-07
CVE-2021-24843 SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF — SupportCandy – Helpdesk & Support Ticket SystemCWE-352 6.5 -2022-02-07
CVE-2021-24878 SupportCandy < 2.2.7 - Reflected Cross-Site Scripting — SupportCandy – Helpdesk & Support Ticket SystemCWE-79 6.1 -2022-02-07
CVE-2021-24839 SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion — SupportCandy – Helpdesk & Support Ticket SystemCWE-862 7.5 -2022-02-07
CVE-2021-25095 IP2Location Country Blocker < 2.26.5 - Subscriber+ Arbitrary Country Ban — IP2Location Country BlockerCWE-352 5.4 -2022-02-07
CVE-2022-0320 Essential Addons for Elementor < 5.0.5 - Unauthenticated LFI — Essential Addons for ElementorCWE-22 9.8 -2022-02-01
CVE-2022-0220 WordPress GDPR & CCPA < 1.9.27 - Unauthenticated Reflected Cross-Site Scripting — WordPress GDPR 4.7 -2022-02-01
CVE-2021-25092 Link Library < 7.2.8 - Library Settings Reset via CSRF — Link LibraryCWE-352 6.5 -2022-02-01
CVE-2021-25093 Link Library < 7.2.8 - Unauthenticated Arbitrary Links Deletion — Link LibraryCWE-862 7.5 -2022-02-01
CVE-2021-25091 Link Library < 7.2.9 - Reflected Cross-Site Scripting — Link LibraryCWE-79 6.1 -2022-02-01
CVE-2021-25089 UpdraftPlus < 1.16.69 - Reflected Cross-Site Scripting — UpdraftPlus WordPress Backup PluginCWE-79 6.1 -2022-02-01
CVE-2021-25085 WOOF - Products Filter for WooCommerce < 1.2.6.3 - Reflected Cross-Site Scripting — WOOF – Products Filter for WooCommerceCWE-79 6.1 -2022-02-01
CVE-2021-25063 Contact Form 7 Skins < 2.5.1 - Reflected Cross-Site Scripting (XSS) — Skins for Contact Form 7CWE-79 6.1 -2022-02-01
CVE-2021-25072 NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF — NextScripts: Social Networks Auto-PosterCWE-352 6.5 -2022-02-01
CVE-2021-24983 Asset CleanUp < 1.3.8.5 - Reflected Cross-Site Scripting via AJAX Action — Asset CleanUp: Page Speed BoosterCWE-79 6.1 -2022-02-01

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.