Mar 21, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-0739 Reputeinfosystems Bookingpress SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Reputeinfosystems Bookingpress SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-0747 Quantumcloud Infographic Maker SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Quantumcloud Infographic Maker SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-0760 Quantumcloud Simple Link Directory SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Quantumcloud Simple Link Directory SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2022-0739 CVSS 9.8

The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically con...

CVE-2022-0747 CVSS 9.8

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement...

CVE-2022-0760 CVSS 9.8

The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL state...

CVE-2022-24766 CVSS 9.8

mitmproxy is an interactive, SSL/TLS-capable intercepting proxy.

CVE-2022-26148 CVSS 9.8

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix.

CVE-2022-26174 CVSS 9.8

A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload i...

CVE-2022-26184 CVSS 9.8

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when...

CVE-2022-26283 CVSS 9.8

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint.

CVE-2022-26284 CVSS 9.8

Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client en...

CVE-2022-26285 CVSS 9.8

Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint.

View critical disclosures

cvelogic Threat Intelligence