Apr 5, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Vercel Next.js: public exploit or PoC linked (privilege escalation)
  • WordPress plugin RCE/exploit activity: 2 CVEs flagged today.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2023-5360 Royal-elementor-addons Royal Elementor Addons RCE

  • Public exploit or PoC available
  • Exploit activity linked
  • Internet-facing CMS deployments affected

WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.

Active exploit activity

CVE-2024-1234 Exclusiveaddons Exclusive Addons For Elementor XSS

  • Public exploit or PoC available
  • Exploit activity linked
  • Internet-facing CMS deployments affected

WordPress plugin exposure with public exploit material — mass targeting of internet-facing CMS installs is common once PoCs circulate.

Critical exposure

CVE-2021-47667 Zendto Command Injection

  • CVSS 10

New critical Zendto Command Injection (CVSS 10) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2025-2294 Exploit

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thek...

CVE-2025-29927 Exploit

Next.js is a React framework for building full-stack web applications.

CVE-2024-7801 Exploit

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip TimeProvider 4100 (Data p...

CVE-2024-35133 Exploit

IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, u...

CVE-2024-1234 Exploit

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions u...

CVE-2023-5360 Exploit

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unau...

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-47667 CVSS 10

An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote atta...

CVE-2025-2941 CVSS 9.8

The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file moving due to insufficient fi...

View critical disclosures

cvelogic Threat Intelligence