Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Unknown — Vulnerabilities & Security Advisories 4138

Browse all 4138 CVE security advisories affecting Unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Unknown:Contest GalleryDownload ManagerTutor LMS – eLearning and online course solutionEventONModern Events Calendar Litewp-eMemberAI ChatBotElementor Website BuilderNinja Forms Contact Form – The Drag and Drop Form Builder for WordPressWelcart e-CommerceLogo SliderForm Maker by 10WebBooster for WooCommerceYi Technologywp-cart-for-digital-productswp-affiliate-platformPhoto Gallery by 10WebMapPress Maps for WordPressEventPrimePopup boxWPQA BuilderWP MultiTaskingPhoto Gallery by 10Web – Mobile-Friendly Image GallerySalon booking systemSimple Download MonitorAutoptimizeVikBooking Hotel Booking Engine & PMSLearnPressNewsletter PopupNinja Forms
CVE IDTitleCVSSSeverityPublished
CVE-2025-3745 WP Lightbox 2 < 3.0.6.8 - Unauthenticated Stored XSS — WP Lightbox 2 6.1AIMediumAI2025-06-30
CVE-2025-5526 BuddyPress Docs < 2.2.5 - Subscriber+ Arbitrary Document Read/Update — BuddyPress Docs 6.5AIMediumAI2025-06-27
CVE-2025-5194 WP Map Block by aBlocks < 2.0.3 - Contributor+ Stored XSS via Marker — WP Map Block 5.4AIMediumAI2025-06-27
CVE-2025-5093 Responsive Lightbox & Gallery < 2.5.2 - Contributor+ Stored XSS — Responsive Lightbox & Gallery 5.4AIMediumAI2025-06-27
CVE-2025-5035 Firelight Lightbox < 2.3.16 - Contributor+ Stored XSS — Firelight Lightbox 5.4AIMediumAI2025-06-27
CVE-2021-4457 ZoomSounds < 6.05 - Unauthenticated Arbitrary File Upload — ZoomSounds 9.8AICriticalAI2025-06-25
CVE-2025-5034 WP File Download < 6.2.6 - Reflected XSS — wp-file-download 6.1AIMediumAI2025-06-21
CVE-2025-5125 Custom Post Carousels with Owl < 1.4.12 - Contributor+ Stored XSS — Custom Post Carousels with Owl 5.4AIMediumAI2025-06-20
CVE-2025-4955 tarteaucitron.io < 1.9.5 - Contributor+ Stored XSS — tarteaucitron.io 5.4AIMediumAI2025-06-18
CVE-2025-5209 Ivory Search < 5.5.10 - Admin+ Stored XSS — Ivory Search 4.8AIMediumAI2025-06-17
CVE-2025-4954 Axle Demo Importer <= 1.0.3 - Author+ Arbitrary File Upload — Axle Demo Importer 8.8AIHighAI2025-06-10
CVE-2025-4840 Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection — inprosysmedia-likes-dislikes-post 9.8AICriticalAI2025-06-10
CVE-2025-4652 Broadstreet < 1.51.8 - Reflected XSS — Broadstreet 6.1AIMediumAI2025-06-09
CVE-2025-3582 Newsletter < 8.8.5 - Admin+ Stored XSS via Form — Newsletter 4.8AIMediumAI2025-06-09
CVE-2025-3581 Newsletter < 8.8.5 - Admin+ Stored XSS via Widget — Newsletter 4.8AIMediumAI2025-06-09
CVE-2023-2921 Short URL <= 1.6.8 - Subscriber+ SQLi — Short URL 8.8AIHighAI2025-06-06
CVE-2025-4580 File Provider <= 1.2.3 - Item Deletion via CSRF — File Provider 4.3AIMediumAI2025-06-04
CVE-2025-4578 File Provider <= 1.2.3 - Unauthenticated SQLi — File Provider 9.8AICriticalAI2025-06-04
CVE-2025-4567 Post Slider and Carousel with Widget < 3.2.10 - Admin+ Stored XSS — Post Slider and Post Carousel with Post Vertical Scrolling Widget 5.4AIMediumAI2025-06-03
CVE-2025-3584 Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription — Newsletter 4.8AIMediumAI2025-06-03
CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS — FancyBox for WordPress 6.1AIMediumAI2025-06-03
CVE-2025-3951 WP-Optimize < 4.2.0 - Admin+ SQLi — WP-Optimize 7.2AIHighAI2025-06-02
CVE-2025-1485 Real Cookie Banner < 5.1.6 - Admin+ Stored XSS — Real Cookie Banner: GDPR & ePrivacy Cookie Consent 4.8AIMediumAI2025-06-02
CVE-2025-4429 WordPress Gearside Developer Dashboard <= 1.0.72 - Reflected XSS — Gearside Developer Dashboard 6.1AIMediumAI2025-05-30
CVE-2025-4133 Blog2Social: Social Media Auto Post & Scheduler < 8.4.0 - Contributor+ Stored XSS — Blog2Social: Social Media Auto Post & Scheduler 5.4AIMediumAI2025-05-22
CVE-2025-4094 Digits < 8.4.6.1 - Auth Bypass via OTP Bruteforcing — DIGITS: WordPress Mobile Number Signup and Login 9.1AICriticalAI2025-05-21
CVE-2025-2929 Order Delivery Date Pro for WooCommerce < 12.4.0 - Reflected XSS — Order Delivery Date 6.1AIMediumAI2025-05-20
CVE-2025-2561 Ninja Forms < 3.10.1 - Admin+ Stored XSS — Ninja Forms 4.8AIMediumAI2025-05-19
CVE-2025-2524 Ninja Forms < 3.10.1 - Admin+ Stored XSS — Ninja Forms 4.8AIMediumAI2025-05-19
CVE-2025-1627 Qi Blocks < 1.4 - Contributor+ Stored XSS via ToC Block — Qi Blocks 5.4AIMediumAI2025-05-19

This page lists every published CVE security advisory associated with Unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.