Sep 20, 2021 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Debian Linux: public exploit or PoC linked (XXE)
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 3 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2021-29447 Wordpress is an open source CMS.

  • Public exploit or PoC available
  • Exploit activity linked
  • Internet-facing CMS deployments affected

WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.

Critical exposure

CVE-2021-24741 Schiocco Support Board - Chat And Help Desk SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Schiocco Support Board - Chat And Help Desk SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2021-40674 Wuzhicms SQL Injection

  • CVSS 9.8

New critical Wuzhicms SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-24638 CVSS 9.1

The OMGF WordPress plugin before 4.5.4 does not escape or validate the handle parameter of the REST API, which allows unauthenticated use...

CVE-2021-24741 CVSS 9.8

The Support Board WordPress plugin before 3.3.4 does not escape multiple POST parameters (such as status_code, department, user_id, conve...

CVE-2021-40674 CVSS 9.8

An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyValue parameter in coreframe/app/order/admin/index.php.

View critical disclosures

cvelogic Threat Intelligence