Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now

unknown — Vulnerabilities & Security Advisories 4138

Browse all 4138 CVE security advisories affecting unknown. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products unknown:Contest GalleryDownload ManagerTutor LMS – eLearning and online course solutionEventONModern Events Calendar Litewp-eMemberAI ChatBotElementor Website BuilderNinja Forms Contact Form – The Drag and Drop Form Builder for WordPressWelcart e-CommerceLogo SliderForm Maker by 10WebBooster for WooCommerceYi Technologywp-cart-for-digital-productswp-affiliate-platformPhoto Gallery by 10WebMapPress Maps for WordPressEventPrimePopup boxWPQA BuilderWP MultiTaskingPhoto Gallery by 10Web – Mobile-Friendly Image GallerySalon booking systemSimple Download MonitorAutoptimizeVikBooking Hotel Booking Engine & PMSLearnPressNewsletter PopupNinja Forms
CVE IDTitleCVSSSeverityPaused
CVE-2025-13071 Custom Admin Menu <= 1.0.0 - Reflected XSS — Custom Admin Menu 6.1AIMediumAI2025-12-09
CVE-2025-13031 WPeMatico RSS Feed Fetcher < 2.8.13 - Contributor+ Stored XSS — WPeMatico RSS Feed Fetcher 4.8AIMediumAI2025-12-09
CVE-2025-13070 CSV to SortTable <= 4.2 - Contributor+ LFI — CSV to SortTable 6.5AIMediumAI2025-12-09
CVE-2025-66571 UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection — UNA CMSCWE-502 9.8AICriticalAI2025-12-04
CVE-2025-12954 Timetable and Event Schedule by MotoPress < 2.4.16 - Contributor+ Event Disclosure via IDOR — Timetable and Event Schedule by MotoPress 4.3AIMediumAI2025-12-03
CVE-2025-12630 Upload.am File Hosting VPN < 1.0.1 - Contributor+ Arbitrary Option Disclosure — Upload.am 4.3AIMediumAI2025-12-02
CVE-2025-13001 Donation <= 1.0 - Admin+ SQLi — donation 7.2AIHighAI2025-12-02
CVE-2025-13000 DB Access <= 0.8.7 - Subscriber+ SQLi — db-access 8.8AIHighAI2025-12-02
CVE-2025-12061 Tax Service Electronic HDM < 1.2.1 - Unauthenticated Arbitrary SQL Execution — TAX SERVICE Electronic HDM 9.8AICriticalAI2025-11-26
CVE-2025-12628 WP 2FA < 3.0.0 - Second Factor Bypass — WP 2FA 9.8AICriticalAI2025-11-24
CVE-2025-12629 Broken Link Manager <= 0.6.5 - Reflected XSS — Broken Link Manager 6.1AIMediumAI2025-11-24
CVE-2025-12569 WP Front User Submit < 5.0.0 - Open Redirect — Guest posting / Frontend Posting / Front Editor 6.1AIMediumAI2025-11-24
CVE-2025-12394 Backup Migration < 2.0.0 - Unauthenticated Backup Download — Backup Migration 5.3AIMediumAI2025-11-24
CVE-2024-14015 Studiocart <= 2.9.0 - Reflected XSS — WordPress eCommerce Plugin 6.1AIMediumAI2025-11-24
CVE-2025-11127 Mstoreapp Mobile (App <= 2.08, Multivendor <= 9.0.1) - Unauthenticated Privilege Escalation — Mstoreapp Mobile App 7.5 -2025-11-21
CVE-2025-12502 Attention Bar <= 0.7.2.1 - Admin+ SQLi — attention-bar 7.2 -2025-11-20
CVE-2025-12057 WavePlayer < 3.8.0 - Unauthenticated Arbitrary File Upload — WavePlayer 9.8AICriticalAI2025-11-19
CVE-2025-9501 W3 Total Cache < 2.8.13 - Unauthenticated Command Injection — W3 Total Cache 9.8AICriticalAI2025-11-17
CVE-2025-10686 Creta Testimonial Showcase < 1.2.4 - Editor+ Local File Inclusion — Creta Testimonial Showcase 8.8 -2025-11-14
CVE-2025-11560 Team Members Showcase < 3.5.0 - Reflected XSS — Team Members Showcase 6.1 -2025-11-12
CVE-2025-11855 Age Restriction <= 3.0.2 - Subscriber+ Privilege Escalation — age-restriction 8.8 -2025-11-11
CVE-2025-11307 WP Google Maps < 9.0.48 - Unauthenticated Stored XSS — WP Go Maps (formerly WP Google Maps) 6.1 -2025-11-11
CVE-2025-11237 Make Email Customizer for WooCommerce <= 1.0.6 - Subscriber+ Arbitrary Options Update — Make Email Customizer for WooCommerce 6.5 -2025-11-11
CVE-2025-6027 Ace User Management <= 2.0.3 - Subscriber+ Authentication Bypass via Password Rest — Ace User Management 8.8 -2025-11-05
CVE-2025-11072 Download Counter Button <= 1.8.6.7 - Unauthenticated Arbitrary File Download — MelAbu WP Download Counter Button 7.5 -2025-11-05
CVE-2025-10873 Elementinvader Addons for Elementor < 1.4.1 – Unauthenticated Arbitrary Email Sending — ElementInvader Addons for Elementor 5.3 -2025-11-05
CVE-2025-10567 FunnelKit < 3.12.0.1 - Reflected XSS — FunnelKit 6.1 -2025-11-05
CVE-2025-5397 Jobmonster - Job Board WordPress Theme <= 4.8.1 - Authentication Bypass — Noo JobMonsterCWE-288 9.8 Critical2025-10-31
CVE-2025-11191 RealPress < 1.1.0 - Unauthenticated Content Creation/Email Sending via REST — RealPress 5.3 -2025-10-31
CVE-2025-10636 NS Maintenance Mode for WP <= 1.3.1 - Admin+ Stored XSS — NS Maintenance Mode for WP 4.8AIMediumAI2025-10-30

This page lists every published CVE security advisory associated with unknown. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.