Home
» Risk & Exploitation
» Daily threat intelligence
» Sep 8, 2024
Sep 8, 2024 Cyber Threat Intelligence
Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.
Daily summary
WordPress plugin RCE/exploit activity: 2 CVEs flagged today.
4 new critical disclosures — review patch status on exposed services.
Top threats today
Three highest-priority changes — analyst brief, not a CVE dump.
Critical exposure
CVE-2024-6924
Themetechmount Truebooker SQL Injection
CVSS 9.8
Internet-facing CMS deployments affected
New critical Themetechmount Truebooker SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-6928
Opti.marketing Opti Marketing SQL Injection
CVSS 9.8
Internet-facing CMS deployments affected
New critical Opti.marketing Opti Marketing SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Critical exposure
CVE-2024-8584
Learningdigital Orca Hcm privilege escalation
CVSS 9.8
Potential privilege escalation to admin/root
New critical Learningdigital Orca Hcm privilege escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.
Active exploitation
CISA KEV — confirmed in-the-wild exploitation.
Nothing flagged in this category for this digest.
View KEV additions
Exploitation dynamics
Nothing flagged in this category for this digest.
See EPSS increases
New critical disclosures
The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an...
The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement vi...
A vulnerability classified as critical was found in TOTOLINK AC1200 T8 4.1.5cu.861_B20230220.
Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this func...
View critical disclosures
cvelogic
Threat Intelligence