Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

unknown — Vulnerabilities & Security Advisories 4138

Browse all 4138 CVE security advisories affecting unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by unknown:Contest GalleryDownload ManagerTutor LMS – eLearning and online course solutionEventONModern Events Calendar Litewp-eMemberAI ChatBotElementor Website BuilderNinja Forms Contact Form – The Drag and Drop Form Builder for WordPressWelcart e-CommerceLogo SliderForm Maker by 10WebBooster for WooCommerceYi Technologywp-cart-for-digital-productswp-affiliate-platformPhoto Gallery by 10WebMapPress Maps for WordPressEventPrimePopup boxWPQA BuilderWP MultiTaskingPhoto Gallery by 10Web – Mobile-Friendly Image GallerySalon booking systemSimple Download MonitorAutoptimizeVikBooking Hotel Booking Engine & PMSLearnPressNewsletter PopupNinja Forms
CVE IDTitleCVSSSeverityPublished
CVE-2026-4512 WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS — reCaptcha by WebDesignBy 4.8AIMediumAI2026-04-23
CVE-2026-4106 HT Mega < 3.0.7 – Unauthenticated PII Disclosure — HT Mega Addons for Elementor 5.3AIMediumAI2026-04-23
CVE-2024-7083 Email Encoder < 2.3.4 - Admin+ Stored XSS — Email Encoder 4.8AIMediumAI2026-04-20
CVE-2026-3830 Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQLi — Product Filter for WooCommerce by WBW 9.8 -2026-04-13
CVE-2025-15441 Form Maker < 1.15.38 - SQL Injection — Form Maker by 10Web 9.8 -2026-04-13
CVE-2026-4432 YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR — YITH WooCommerce Wishlist 5.3 -2026-04-10
CVE-2025-14545 YML for Yandex Market < 5.0.26 - Shop Manager+ RCE via Feed Generation — YML for Yandex Market 9.8 -2026-04-10
CVE-2026-4338 ActivityPub Routing < 8.0.2 - Unauthenticated Drafts/Scheduled/Pending Posts Disclosure — ActivityPub 5.3AIMediumAI2026-04-08
CVE-2026-4079 SQL Chart Builder < 2.3.8 - Unauthenticated SQL Injection — SQL Chart Builder 9.8AICriticalAI2026-04-07
CVE-2026-1900 Link Whisper Free < 0.9.1 - Unauthenticated Settings and User Meta Update — Link Whisper Free 5.3AIMediumAI2026-04-07
CVE-2025-15611 Popup Box AYS Pro < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF — Popup Box 7.1AIHighAI2026-04-07
CVE-2026-1540 Spam Protect for Contact Form 7 < 1.2.10 - Editor+ Remote Code Execution — Spam Protect for Contact Form 7 7.2AIHighAI2026-04-02
CVE-2026-2696 Export All URLs < 5.1 - Unauthenticated Sensitive Data Exposure — Export All URLs 7.5AIHighAI2026-04-01
CVE-2025-15484 Order Notification for WooCommerce < 3.6.3 - Unauthenticated WooCommerce REST Permission Bypass — Order Notification for WooCommerce 9.1AICriticalAI2026-04-01
CVE-2026-3881 Performance Monitor <= 1.0.6 - Unauthenticated Blind SSRF — Performance Monitor 9.1AICriticalAI2026-03-31
CVE-2025-15445 Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation — Restaurant Cafeteria 8.8 -2026-03-28
CVE-2026-1890 LeadConnector < 3.0.22 - Unauthenticated Rest Call — LeadConnector 7.5 -2026-03-26
CVE-2026-1430 WP Lightbox 2 < 3.0.7 - Admin+ Stored XSS — WP Lightbox 2 4.8 -2026-03-26
CVE-2025-15488 Responsive Plus < 3.4.3 - Unauthenticated Arbitrary Shortcode Execution — Responsive Plus 9.8 -2026-03-26
CVE-2025-15433 Shared Files < 1.7.58 - Contributor+ Arbitrary File Download — Shared Files 6.5 -2026-03-26
CVE-2026-2343 PeproDev Ultimate Invoice <= 2.2.5 - Unauthenticated Invoice Archive Download — PeproDev Ultimate Invoice 9.1 -2026-03-25
CVE-2026-1969 ThemeREX Addons < 2.38.5 - Unauthenticated Arbitrary File Upload — trx_addons 9.1 -2026-03-23
CVE-2025-15363 Get Use APIs < 2.0.10 - Contributor+ Stored XSS — Get Use APIs 5.4 -2026-03-18
CVE-2026-2687 Reading progressbar < 1.3.1 - Admin+ Stored XSS — Reading progressbar 4.8AIMediumAI2026-03-12
CVE-2025-15473 Timetics < 1.0.52 - Unauthenticated Payment/Booking Status Update — Timetics 5.3AIMediumAI2026-03-12
CVE-2019-25474 Easy MP3 Downloader 4.7.8.8 Denial of Service Buffer Overflow — Easy MP3 Downloader Denial of ServiceCWE-787 6.2 Medium2026-03-11
CVE-2026-2626 Divi Booster < 5.0.2 - Unauthenticated PHP Object Injection — divi-booster 7.5AIHighAI2026-03-11
CVE-2026-2631 Datalogics Ecommerce Delivery < 2.6.60 - Unauthenticated Privilege Escalation — Datalogics Ecommerce Delivery 9.8AICriticalAI2026-03-11
CVE-2026-2466 DukaPress <= 3.2.4 - Reflected XSS — DukaPress 6.1AIMediumAI2026-03-11
CVE-2026-1867 WP Front User Submit < 5.0.6 - Unauthenticated Sensitive Information Exposure — Guest posting / Frontend Posting / Front Editor 7.5AIHighAI2026-03-11

This page lists every published CVE security advisory associated with unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.