Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

Unknown — Vulnerabilities & Security Advisories 4138

Browse all 4138 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products Unknown:Contest GalleryDownload ManagerTutor LMS – eLearning and online course solutionEventONModern Events Calendar Litewp-eMemberAI ChatBotElementor Website BuilderNinja Forms Contact Form – The Drag and Drop Form Builder for WordPressWelcart e-CommerceLogo SliderForm Maker by 10WebBooster for WooCommerceYi Technologywp-cart-for-digital-productswp-affiliate-platformPhoto Gallery by 10WebMapPress Maps for WordPressEventPrimePopup boxWPQA BuilderWP MultiTaskingPhoto Gallery by 10Web – Mobile-Friendly Image GallerySalon booking systemSimple Download MonitorAutoptimizeVikBooking Hotel Booking Engine & PMSLearnPressNewsletter PopupNinja Forms
CVE IDTitleCVSSSeverityPaused
CVE-2021-24174 Database Backups <= 1.2.2.6 - CSRF to Backup Download — Database BackupsCWE-352 8.3 -2021-04-05
CVE-2021-24175 The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass — The Plus Addons for Elementor Page BuilderCWE-287 9.8 -2021-04-05
CVE-2021-24176 JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) — JH 404 LoggerCWE-79 5.4 -2021-04-05
CVE-2021-24159 Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Contact Form 7 StyleCWE-352 7.1 -2021-04-05
CVE-2021-24163 Ninja Forms < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-200 8.8 -2021-04-05
CVE-2021-24164 Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-200 4.3 -2021-04-05
CVE-2021-24165 Ninja Forms < 3.4.34 - Administrator Open Redirect — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-601 6.1 -2021-04-05
CVE-2021-24166 Ninja Forms < 3.4.34 - CSRF to OAuth Service Disconnection — Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPressCWE-352 5.4 -2021-04-05
CVE-2021-24167 Web-Stat < 1.4.1 - API Key Disclosure — Web-StatCWE-200 10.0 -2021-04-05
CVE-2021-24150 Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF — Like Button Rating ♥ LikeBtnCWE-918 7.5 -2021-04-05
CVE-2021-24152 Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS) — Popup Builder – Responsive WordPress Pop up – Subscription & NewsletterCWE-79 6.1 -2021-04-05
CVE-2021-24153 Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS) — Yoast SEOCWE-79 5.4 -2021-04-05
CVE-2021-24154 Theme Editor < 2.6 - Authenticated Arbitrary File Download — Theme EditorCWE-552 4.9 -2021-04-05
CVE-2021-24155 Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload — WordPress Backup and Migrate Plugin – Backup GuardCWE-434 7.2 -2021-04-05
CVE-2021-24156 Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting — Testimonial RotatorCWE-79 5.4 -2021-04-05
CVE-2021-24157 Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting — Orbit Fox by ThemeIsleCWE-79 5.4 -2021-04-05
CVE-2021-24158 Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation — Orbit Fox by ThemeIsleCWE-269 6.5 -2021-04-05
CVE-2021-24142 301 Redirects - Easy Redirect Manager < 2.51 - Authenticated SQL Injection — 301 Redirects - Easy Redirect ManagerCWE-89 7.2 -2021-03-18
CVE-2021-24143 AccessPress Social Icons < 1.8.1 - Authenticated SQL Injection — AccessPress Social IconsCWE-89 8.8 -2021-03-18
CVE-2021-24144 Contact Form 7 Database Addon < 1.2.5.6 - CSV Injection — Contact Form 7 Database AddonCWE-74 8.8 -2021-03-18
CVE-2021-24145 Modern Events Calendar Lite < 5.16.5 - Authenticated Arbitrary File Upload leading to RCE — Modern Events Calendar LiteCWE-434 7.2 -2021-03-18
CVE-2021-24146 Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export — Modern Events Calendar LiteCWE-284--2021-03-18
CVE-2021-24147 Modern Events Calendar Lite < 5.16.5 - Authenticated Stored Cross-Site Scripting (XSS) — Modern Events Calendar LiteCWE-79 5.4 -2021-03-18
CVE-2021-24148 MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple — MStore APICWE-287 7.5 -2021-03-18
CVE-2021-24149 Modern Events Calendar Lite < 5.16.6 - Authenticated SQL Injection — Modern Events Calendar LiteCWE-89 8.8 -2021-03-18
CVE-2021-24133 ActiveCampaign < 8.0.2 - Cross-Site Request Forgery in Settings — ActiveCampaignCWE-352 6.5 -2021-03-18
CVE-2021-24134 Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS — Constant Contact FormsCWE-79 4.8 -2021-03-18
CVE-2021-24135 WP Customer Reviews < 3.4.3 - Multiple Unauthenticated and Low Priv Authenticated Stored XSS — WP Customer ReviewsCWE-79 5.4 -2021-03-18
CVE-2021-24136 Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS — Testimonials WidgetCWE-79 5.4 -2021-03-18
CVE-2021-24137 Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection — Blog2Social: Social Media Auto Post & SchedulerCWE-89 8.8 -2021-03-18

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.