Sep 25, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
  • 6 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-8275 Stellarwp The Events Calendar SQL Injection

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Stellarwp The Events Calendar SQL Injection (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

High-risk exposure

CVE-2024-4657

  • CVSS 9.3

New critical-severity CVE in today's window — elevated exposure signal, early in the lifecycle.

High-risk exposure

CVE-2024-6592 Watchguard Authentication Gateway Auth Bypass

  • CVSS 9.1
  • Authentication bypass — unauthenticated access risk

New high-severity Watchguard Authentication Gateway Auth Bypass — watch for exploit drops and scanner noise in the first 72 hours after disclosure.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-4657 CVSS 9.3

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software BAP Automati...

CVE-2024-6592 CVSS 9.1

Incorrect Authorization vulnerability in the protocol communication between the WatchGuard Authentication Gateway (aka Single Sign-On Age...

CVE-2024-6593 CVSS 9.1

Incorrect Authorization vulnerability in WatchGuard Authentication Gateway (aka Single Sign-On Agent) on Windows allows an attacker with...

CVE-2024-7385 CVSS 9.1

The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and i...

CVE-2024-8275 CVSS 9.8

The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' funct...

CVE-2024-8514 CVSS 9.1

The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and includin...

View critical disclosures

cvelogic Threat Intelligence