Home
» Risk & Exploitation
» Daily threat intelligence
» Mar 21, 2022
Mar 21, 2022 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
10 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2022-0739
Reputeinfosystems Bookingpress SQL Injection
CVSS 9.8
Internet-facing CMS deployments affected
New critical Reputeinfosystems Bookingpress SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-0747
Quantumcloud Infographic Maker SQL Injection
CVSS 9.8
Internet-facing CMS deployments affected
New critical Quantumcloud Infographic Maker SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2022-0760
Quantumcloud Simple Link Directory SQL Injection
CVSS 9.8
Internet-facing CMS deployments affected
New critical Quantumcloud Simple Link Directory SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically con...
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement...
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL state...
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy.
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix.
A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload i...
Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when...
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint.
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client en...
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint.
View critical disclosures
cvelogic
Threat Intelligence