Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

unknown — Vulnerabilities & Security Advisories 4138

Browse all 4138 CVE security advisories affecting unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products unknown:Contest GalleryDownload ManagerTutor LMS – eLearning and online course solutionEventONModern Events Calendar Litewp-eMemberAI ChatBotElementor Website BuilderNinja Forms Contact Form – The Drag and Drop Form Builder for WordPressWelcart e-CommerceLogo SliderForm Maker by 10WebBooster for WooCommerceYi Technologywp-cart-for-digital-productswp-affiliate-platformPhoto Gallery by 10WebMapPress Maps for WordPressEventPrimePopup boxWPQA BuilderWP MultiTaskingPhoto Gallery by 10Web – Mobile-Friendly Image GallerySalon booking systemSimple Download MonitorAutoptimizeVikBooking Hotel Booking Engine & PMSLearnPressNewsletter PopupNinja Forms
CVE IDTitleCVSSSeverityPaused
CVE-2025-14719 Relevanssi (Free < 4.26.0, Premium < 2.29.0) - Contributor+ SQLi — Relevanssi 8.8 -2026-01-07
CVE-2025-9543 FlexTable Google Sheets Connector < 3.19.2 - Admin+ Stored XSS — FlexTable 4.8 -2026-01-05
CVE-2025-14124 Team < 5.0.11 - Unauthenticated SQLi — Team 9.8 -2026-01-05
CVE-2025-13456 Shopbuilder < 3.2.2 - Reflected XSS — ShopBuilder 6.1 -2026-01-02
CVE-2025-14072 Ninja Forms < 3.13.3 - Unauthenticated Token Generation and Submission Disclosure — Ninja Forms 5.3 -2026-01-02
CVE-2025-13153 Logo Slider < 4.9.0 - Contributor+ Stored XSS — Logo Slider 5.4 -2026-01-02
CVE-2025-12685 WPBookit <= 1.0.7 - Customer Deletion via CSRF — WPBookit 4.3 -2026-01-02
CVE-2025-13820 Comments – wpDiscuz < 7.6.40 - Unauthenticated Account Takeover — Comments 9.8 -2026-01-01
CVE-2025-14434 Ultimate Post Kit < 4.0.16 – Unauthenticated Arbitrary Post Content Disclosure — Ultimate Post Kit Addons for Elementor 5.3 -2025-12-31
CVE-2025-13029 Knowband Mobile App Builder for wooCommerce < 3.0.0 – Unauthenticated Arbitrary User Deletion — Knowband Mobile App Builder 7.5 -2025-12-31
CVE-2025-14313 Advance WP Query Search Filter <= 1.0.10 - Reflected XSS via taxo_ajax — Advance WP Query Search Filter 6.1 -2025-12-30
CVE-2025-14312 Advance WP Query Search Filter <= 1.0.10 - Reflected XSS via counter — Advance WP Query Search Filter 6.1 -2025-12-30
CVE-2025-13958 YaMaps < 0.6.40 - Contributor+ Stored XSS — YaMaps for WordPress Plugin 5.4 -2025-12-29
CVE-2025-13417 Plugin Organizer < 10.2.4 - Subscriber+ SQLi — Plugin Organizer 8.8 -2025-12-29
CVE-2025-13407 GravityForms < 2.9.23.1 - Unauthenticated Arbitrary File Upload — Gravity Forms 9.8AICriticalAI2025-12-24
CVE-2025-12820 Pure WC Variation Swatches <= 1.1.7 - Unauthenticated Settings Update — Pure WC Variation Swatches 4.3AIMediumAI2025-12-20
CVE-2025-13307 Ocean Modal Window < 2.3.3 - Editor+ Remote Code Execution via Modal Conditions — Ocean Modal Window 7.2AIHighAI2025-12-19
CVE-2023-53901 WBCE CMS 1.6.1 Cross-Site Scripting and Open Redirect Vulnerability — WBCE CMSCWE-601 5.4 Medium2025-12-16
CVE-2023-53899 PodcastGenerator 3.2.9 Blind Server-Side Request Forgery via XML Injection — UnknownCWE-918 9.8 Critical2025-12-16
CVE-2025-12684 URL Shortify < 1.11.3 - Reflected XSS — URL Shortify 6.1AIMediumAI2025-12-15
CVE-2025-13355 URL Shortify < 1.11.4 - Reflected XSS — URL Shortify 6.1AIMediumAI2025-12-15
CVE-2025-11363 Royal Elementor Addons and Templates < 1.7.1037 - Unauthenticated Media File Upload — Royal Addons for Elementor 7.5AIHighAI2025-12-15
CVE-2025-12696 HelloLeads CRM Form Shortcode <= 1.0 - Unauthenticated Settings Reset — HelloLeads CRM Form Shortcode 5.3AIMediumAI2025-12-14
CVE-2025-9116 WPS Visitor Counter Plugin <= 1.4.8 - Reflected XSS via $_SERVER['REQUEST_URI'] — WPS Visitor Counter 6.1AIMediumAI2025-12-13
CVE-2024-14010 Typora 1.7.4 OS Command Injection via Export PDF Preferences — TyporaCWE-78 9.8 Critical2025-12-12
CVE-2025-12835 WooMulti <= 1.7 - Subscriber+ Arbitrary File Deletion — WooMulti 8.1AIHighAI2025-12-12
CVE-2025-12841 Bookit < 2.5.1 – Unauthenticated Settings Update — Bookit 7.5AIHighAI2025-12-12
CVE-2025-10684 Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation — Construction Light 6.5AIMediumAI2025-12-12
CVE-2025-13073 HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via handl_landing_page — HandL UTM Grabber / Tracker 6.1AIMediumAI2025-12-10
CVE-2025-13072 HandL UTM Grabber / Tracker < 2.8.1 - Reflected XSS via utm_source — HandL UTM Grabber / Tracker 6.1AIMediumAI2025-12-10

This page lists every published CVE security advisory associated with unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.