Dec 31, 2023 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

6 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2023-52181 Presslabs Theme Per User Deserialization

CVSS 10

New critical Presslabs Theme Per User Deserialization (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2023-52182 Ari-soft Ari Stream Quiz Deserialization

CVSS 9.9
Internet-facing CMS deployments affected

New critical Ari-soft Ari Stream Quiz Deserialization (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

High-risk exposure

CVE-2023-51423 Saleswonder Webinarignition SQL Injection

CVSS 9.3

New high-severity Saleswonder Webinarignition SQL Injection — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2023-39157 CVSS 9

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.This issue affects JetEle...

CVE-2023-49777 CVSS 9.1

Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-...

CVE-2023-51423 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team Webinar Plugin: Cr...

CVE-2023-51469 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestres do WP Checkout Mestres WP.T...

CVE-2023-52181 CVSS 10

Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.This issue affects Theme per user: from n/a through 1.0.1.

CVE-2023-52182 CVSS 9.9

Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder.This issue affects ARI Stream Qui...

View critical disclosures

cvelogic Threat Intelligence