Nov 28, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 4 CVEs flagged today.
  • 9 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-52490 Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomat...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-11082 The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to mi...

  • CVSS 9.9
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-8672 The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulne...

  • CVSS 9.9
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 9.9) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-11082 CVSS 9.9

The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypean...

CVE-2024-11103 CVSS 9.8

The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including,...

CVE-2024-11925 CVSS 9.8

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7.

CVE-2024-11979 CVSS 9.8

DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files.

CVE-2024-52338 CVSS 9.8

Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary...

CVE-2024-52474 CVSS 9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Сервис “Экспресс Платежи” Express P...

CVE-2024-52475 CVSS 9.8

Authentication Bypass Using an Alternate Path or Channel vulnerability in Information Technology Wawp automation-web-platform allows Auth...

CVE-2024-52490 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in pathomation Pathomation pathomation allows Upload a Web Shell to a Web S...

CVE-2024-8672 CVSS 9.9

The Widget Options – The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all ve...

View critical disclosures

cvelogic Threat Intelligence