Feb 14, 2026 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
  • 3 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-8572 The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less t...

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2026-1306 The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file t...

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2026-1490 The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unaut...

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-8572 CVSS 9.8

The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7.

CVE-2026-1306 CVSS 9.8

The midi-Synth plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type and file extension validation in the...

CVE-2026-1490 CVSS 9.8

The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation du...

View critical disclosures

cvelogic Threat Intelligence