Aug 8, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 7 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2022-2269 Wpwhitesecurity Website File Changes Monitor SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Wpwhitesecurity Website File Changes Monitor SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-2460 Digital Product Labs Wpdating SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Digital Product Labs Wpdating SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-35490 Zammad 5.2.0 is vulnerable to privilege escalation.

  • CVSS 9.8
  • Potential privilege escalation to admin/root

New critical Zammad Privilege Escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-41615 CVSS 9.8

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinp...

CVE-2022-2269 CVSS 9.8

The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement...

CVE-2022-2460 CVSS 9.8

The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to...

CVE-2022-2713 CVSS 9.8

Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.

CVE-2022-35490 CVSS 9.8

Zammad 5.2.0 is vulnerable to privilege escalation.

CVE-2022-36264 CVSS 9.1

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allo...

CVE-2022-36267 CVSS 9.8

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability.

View critical disclosures

cvelogic Threat Intelligence