Dec 31, 2024 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 4 CVEs flagged today.
  • 10 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2024-56046 Vibethemes Wordpress Learning Management System

  • CVSS 10
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-56064 Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-w...

  • CVSS 10

New critical disclosure (CVSS 10) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2024-56043 Vibethemes Wordpress Learning Management System Privilege Escalation

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical Vibethemes Wordpress Learning Management System Privilege Escalation (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2024-56040 CVSS 9.8

Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.This issue affects VibeBP: from n/a...

CVE-2024-56043 CVSS 9.8

Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from...

CVE-2024-56044 CVSS 9.8

Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS wplms_plugin allows Authentication Bypass.This...

CVE-2024-56045 CVSS 9.3

Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS wplms_plugin allows Path Traversal.This issue affects WPLMS: from n/a throu...

CVE-2024-56046 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplms_plugin allows Upload a Web Shell to a Web Server....

CVE-2024-56064 CVSS 10

Unrestricted Upload of File with Dangerous Type vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup allows Upload a Web Shell...

CVE-2024-56066 CVSS 9.8

Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Privilege Escalation.This issue affects Agency Toolkit...

CVE-2024-56071 CVSS 9.8

Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.This issue...

CVE-2024-56198 CVSS 9.3

path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal.

CVE-2024-56205 CVSS 9.8

Incorrect Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation.This issue affect...

View critical disclosures

cvelogic Threat Intelligence