Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

unknown — Vulnerabilities & Security Advisories 4139

Browse all 4139 CVE security advisories affecting unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by unknown:Contest GalleryDownload ManagerTutor LMS – eLearning and online course solutionEventONModern Events Calendar Litewp-eMemberAI ChatBotElementor Website BuilderNinja Forms Contact Form – The Drag and Drop Form Builder for WordPressWelcart e-CommerceLogo SliderForm Maker by 10WebBooster for WooCommerceYi Technologywp-cart-for-digital-productswp-affiliate-platformPhoto Gallery by 10WebMapPress Maps for WordPressEventPrimePopup boxWPQA BuilderWP MultiTaskingPhoto Gallery by 10Web – Mobile-Friendly Image GallerySalon booking systemSimple Download MonitorAutoptimizeVikBooking Hotel Booking Engine & PMSLearnPressNewsletter PopupNinja Forms
CVE IDTitleCVSSSeverityPublished
CVE-2021-24902 Typebot < 1.4.3 - Admin+ Stored Cross Site Scripting — Typebot | Build beautiful conversational formsCWE-79 4.8 -2021-12-27
CVE-2021-24797 Tickera < 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting — Tickera – WordPress Event TicketingCWE-79 6.1 -2021-12-27
CVE-2021-24753 Rich Reviews by Starfish < 1.9.6 - Admin+ SQL Injection — Rich Reviews by StarfishCWE-89 7.2 -2021-12-27
CVE-2021-24981 Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload — Directorist – Business Directory PluginCWE-434 8.8 -2021-12-21
CVE-2021-24956 Blog2Social < 6.8.7 - Reflected Cross-Site Scripting — Blog2Social: Social Media Auto Post & SchedulerCWE-79 6.1 -2021-12-21
CVE-2021-24941 Icegram < 2.0.5 - Reflected Cross-Site Scripting — Popups, Welcome Bar, Optins and Lead Generation Plugin – IcegramCWE-79 6.1 -2021-12-21
CVE-2021-24907 Everest Forms < 1.8.0 - Reflected Cross-Site Scripting — Contact Form, Drag and Drop Form Builder for WordPress – Everest FormsCWE-79 6.1 -2021-12-21
CVE-2021-24849 WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection — WCFM Marketplace – Best Multivendor Marketplace for WooCommerceCWE-89 9.8 -2021-12-21
CVE-2021-24846 Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection — Ni WooCommerce Custom Order StatusCWE-89 8.8 -2021-12-21
CVE-2021-24750 WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection — WP Visitor Statistics (Real Time Traffic)CWE-89 8.8 -2021-12-21
CVE-2021-24739 Logo Carousel < 3.4.2 - Unauthorised Private Post Access — Logo Carousel – Logo Slider, Logo Showcase, and Clients Logo GalleryCWE-639 8.1 -2021-12-21
CVE-2021-24738 Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting — Logo Carousel – Logo Slider, Logo Showcase, and Clients Logo GalleryCWE-79 5.4 -2021-12-21
CVE-2021-24578 SportsPress < 2.7.9 - Reflected Cross-Site Scripting — SportsPress – Sports Club & League ManagerCWE-79 6.1 -2021-12-21
CVE-2021-24972 Pixel Cat Lite < 2.6.3 - Admin+ Stored Cross-Site Scripting — Pixel Cat – Conversion Pixel ManagerCWE-79 4.8 -2021-12-13
CVE-2021-24970 All-In-One-Gallery < 2.5.0 - Admin+ Local File Inclusion — All-in-One Video GalleryCWE-22 7.2 -2021-12-13
CVE-2021-24955 ProfilePress < 3.2.3 - Reflected Cross-Site Scripting — User Registration, Login Form, User Profile & Membership – ProfilePress (Formerly WP User Avatar)CWE-79 6.1 -2021-12-13
CVE-2021-24954 ProfilePress < 3.2.3 - Reflected Cross-Site Scripting — User Registration, Login Form, User Profile & Membership – ProfilePress (Formerly WP User Avatar)CWE-79 6.1 -2021-12-13
CVE-2021-24951 LearnPress < 4.1.4 - Admin+ SQL Injection — LearnPress – WordPress LMS PluginCWE-89 7.2 -2021-12-13
CVE-2021-24946 Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection — Modern Events Calendar LiteCWE-89 9.8 -2021-12-13
CVE-2021-24945 Like Button Rating < 2.6.38 - Unauthorised Vote Export to Email & IP Addresses Disclosure — Like Button Rating ♥ LikeBtnCWE-200 6.5 -2021-12-13
CVE-2021-24932 Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting — Auto Featured Image (Auto Post Thumbnail)CWE-79 6.1 -2021-12-13
CVE-2021-24925 Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting — Modern Events Calendar LiteCWE-79 6.1 -2021-12-13
CVE-2021-24922 Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting — Pixel Cat – Conversion Pixel ManagerCWE-352 8.2 -2021-12-13
CVE-2021-24896 Caldera forms < 1.9.5 - Admin+ Stored Cross-Site Scripting — Caldera Forms – More Than Contact FormsCWE-79 4.8 -2021-12-13
CVE-2021-24872 Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access — Get Custom Field ValuesCWE-863 6.5 -2021-12-13
CVE-2021-24871 Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting — Get Custom Field ValuesCWE-79 5.4 -2021-12-13
CVE-2021-24863 StopBadBots < 6.67 - Unauthenticated SQL Injection — WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBotsCWE-89 7.2 -2021-12-13
CVE-2021-24861 Quotes Collection <= 2.5.2 - Admin+ SQL Injection — Quotes CollectionCWE-89 7.2 -2021-12-13
CVE-2021-24859 User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access — User meta shortcodesCWE-284 4.3 -2021-12-13
CVE-2021-24857 ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection — ToTop LinkCWE-502 9.8 -2021-12-13

This page lists every published CVE security advisory associated with unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.