unknown — Vulnerabilities & Security Advisories 4139

Browse all 4139 CVE security advisories affecting unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID	Title	CVSS	Severity	Published
CVE-2022-2409	Rough Chart <= 1.0.0 - Admin+ Stored Cross-Site Scripting — Rough ChartCWE-79	4.8	-	2022-08-08
CVE-2022-2398	WP Comments Fields < 4.1 - Admin+ Stored Cross-Site Scripting — WordPress Comments FieldsCWE-79	4.8	-	2022-08-08
CVE-2022-2395	weForms < 1.6.14 - Admin+ Stored Cross-Site Scripting — weForms – Easy Drag & Drop Contact Form Builder For WordPressCWE-79	4.8	-	2022-08-08
CVE-2022-2391	Inspiro Pro < 7.2.3 - Contributor+ Stored Cross-Site Scripting — Inspiro PROCWE-79	5.4	-	2022-08-08
CVE-2022-2386	Crowdsignal Polls & Ratings < 3.0.8 - Reflected Cross-Site Scripting — Crowdsignal Dashboard – Polls, Surveys & moreCWE-79	6.1	-	2022-08-08
CVE-2022-2372	YaySMTP < 2.2.2 - Admin+ Stored Cross-Site Scripting — YaySMTP – Simple WP SMTP MailCWE-79	4.8	-	2022-08-08
CVE-2022-2371	YaySMTP < 2.2.1 - Subscriber+ Stored Cross-Site Scripting — YaySMTP – Simple WP SMTP MailCWE-79	5.4	-	2022-08-08
CVE-2022-2367	WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass — WSM DownloaderCWE-639	7.5	-	2022-08-08
CVE-2022-2357	WSM Downloader <= 1.4.0 - Unauthenticated Arbitrary File Download — WSM DownloaderCWE-552	7.5	-	2022-08-08
CVE-2022-2356	User Private Files < 1.1.3 - Subscriber+ Arbitrary File Upload — Frontend File Manager & Sharing – User Private FilesCWE-434	8.8	-	2022-08-08
CVE-2022-2355	Easy Username Updater < 1.0.5 - Arbitrary Username Update via CSRF — Easy Username UpdaterCWE-352	6.5	-	2022-08-08
CVE-2022-2269	Website File Changes Monitor < 1.8.3 - Admin+ SQLi — Website File Changes MonitorCWE-89	7.2	-	2022-08-08
CVE-2022-2046	Directorist - Business Directory Plugin < 7.2.3 - Admin+ Arbitrary File Upload — Directorist – WordPress Business Directory Plugin with Classified Ads ListingsCWE-434	6.5	-	2022-08-08
CVE-2022-1323	Discy < 5.0 - Subscriber+ Broken Access Control to change settings — Discy	6.5	-	2022-08-08
CVE-2022-2370	YaySMTP < 2.2.1 - Subscriber+ SMTP Credentials Leak — YaySMTP	6.5	-	2022-08-01
CVE-2022-2369	YaySMTP < 2.2.1 - Subscriber+ Logs Disclosure — YaySMTP – Simple WP SMTP MailCWE-862	4.3	-	2022-08-01
CVE-2022-2328	Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting — Flexi Quote RotatorCWE-79	4.8	-	2022-08-01
CVE-2022-2325	Invitation Based Registrations <= 2.2.84 - Admin+ Stored Cross-Site Scripting — Invitation Based RegistrationsCWE-79	4.8	-	2022-08-01
CVE-2022-2317	Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation — Simple MembershipCWE-269	8.8	-	2022-08-01
CVE-2022-2305	WordPress Popup <= 1.9.3.8 - Admin+ Stored Cross-Site Scripting — Popups – WordPress PopupCWE-79	4.8	-	2022-08-01
CVE-2022-2278	Featured Image from URL < 4.0.1 - Admin+ Stored Cross-Site Scripting — Featured Image from URL (FIFU)CWE-79	4.8	-	2022-08-01
CVE-2022-2273	Simple Membership < 4.1.3 - Membership Privilege Escalation — Simple MembershipCWE-269	8.8	-	2022-08-01
CVE-2022-2260	GiveWP < 2.21.3 - DoS via CSRF — GiveWP – Donation Plugin and Fundraising PlatformCWE-352	6.5	-	2022-08-01
CVE-2022-2245	Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF — Counter Box – WordPress plugin for countdown, timer, counterCWE-352	8.8	-	2022-08-01
CVE-2022-2241	Featured Image from URL < 4.0.0 - Arbitrary Settings Update to Stored XSS via CSRF — Featured Image from URL (FIFU)	6.1	-	2022-08-01
CVE-2022-2215	GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting — GiveWP – Donation Plugin and Fundraising PlatformCWE-79	4.8	-	2022-08-01
CVE-2022-2184	CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF — CAPTCHA 4WPCWE-22	8.8	-	2022-08-01
CVE-2022-2181	Advanced WordPress Reset < 1.6 - Reflected Cross-Site Scripting — Advanced WordPress ResetCWE-79	6.1	-	2022-08-01
CVE-2022-2171	Progressive License <= 1.1.0 - CSRF to Stored XSS — Progressive LicenseCWE-352	4.6	-	2022-08-01
CVE-2022-2170	Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting — Microsoft Advertising Universal Event Tracking (UET)CWE-79	4.8	-	2022-08-01

This page lists every published CVE security advisory associated with unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

unknown — Vulnerabilities & Security Advisories 4139