Aug 30, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

High-risk exposure

CVE-2024-8016 Theeventscalendar Events Calendar Pro Deserialization

  • CVSS 9.1
  • Internet-facing CMS deployments affected

New high-severity Theeventscalendar Events Calendar Pro Deserialization — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

High-risk exposure

CVE-2024-3673 Salephpscripts Web Directory Free

  • CVSS 9.1
  • Internet-facing CMS deployments affected

New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-3673 CVSS 9.1

The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to L...

CVE-2024-8016 CVSS 9.1

The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deseri...

View critical disclosures

cvelogic Threat Intelligence