Feb 2, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Domaincheckplugin Domain Check: public exploit or PoC linked (XSS)
  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2015-9323 The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.

  • Public exploit or PoC available
  • Exploit activity linked
  • Internet-facing CMS deployments affected

WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.

Active exploit activity

CVE-2017-9841 PHPUnit Command Injection

  • Public exploit or PoC available
  • Exploit activity linked

PHPUnit Command Injection now has public exploit or PoC linkage — assume opportunistic scanning and targeted follow-on activity.

Critical exposure

CVE-2021-42637 Printerlogic Web Stack SSRF

  • CVSS 9.8

New critical Printerlogic Web Stack SSRF (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2022-0377 Exploit

Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration.

CVE-2021-24926 Exploit

The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page,...

CVE-2022-0332 Exploit

A flaw was found in Moodle in versions 3.11 to 3.11.4.

CVE-2021-24786 Exploit

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the "orderby" GET parameter before using it in a...

CVE-2021-37391 Exploit

A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/so...

CVE-2021-24488 Exploit

The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised bef...

CVE-2021-24300 Exploit

The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanit...

CVE-2021-24247 Exploit

The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lackin...

CVE-2015-9323 Exploit

The 404-to-301 plugin before 2.0.3 for WordPress has SQL injection.

CVE-2019-11707 Exploit

Mozilla Firefox and Thunderbird Type Confusion

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-24043 CVSS 9.1

A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, Whats...

CVE-2021-39070 CVSS 9.8

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an...

CVE-2021-42637 CVSS 9.8

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-controlled input to craft a URL, resulting in a Server Side Request Forg...

CVE-2021-42640 CVSS 9.1

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that a...

CVE-2022-21817 CVSS 9.3

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker,...

CVE-2022-23357 CVSS 9.1

mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter curent_dir.

CVE-2022-24300 CVSS 9.8

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack m...

View critical disclosures

cvelogic Threat Intelligence