Jun 7, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
  • 6 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-3592 Expresstech Quiz And Survey Master SQL Injection

  • CVSS 9.9
  • Internet-facing CMS deployments affected

New critical Expresstech Quiz And Survey Master SQL Injection (CVSS 9.9) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-30163 Invisioncommunity SQL Injection

  • CVSS 9.8

New critical Invisioncommunity SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2024-36673 Pharmacy/medical Store Point Of Sale System Project Pharmacy/medical Store Point Of Sale System SQL Injection

  • CVSS 9.8

New critical Pharmacy/medical Store Point Of Sale System Project Pharmacy/medical Store Point Of Sale System SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.


Exploit & PoC activity

Nothing flagged in this category for this digest.


Exploitation dynamics

Nothing flagged in this category for this digest.


New critical disclosures

CVE-2024-30163 CVSS 9.8

Invision Community before 4.7.16 allows SQL injection via the applications/nexus/modules/front/store/store.php IPS\nexus\modules\front\sto...

CVE-2024-3592 CVSS 9.9

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the...

CVE-2024-36673 CVSS 9.8

Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable to SQL Injection via login.php.

CVE-2024-37385 CVSS 9.8

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path.

CVE-2024-37388 CVSS 9.1

An XML External Entity (XXE) vulnerability in the ebookmeta.get_metadata function of lxml before v4.9.1 allows attackers to access sensit...

CVE-2024-4620 CVSS 9.8

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in...


cvelogic Threat Intelligence