Attackers Actively Exploiting Critical Vulnerability in Post SMTP Plugin

On October 11th, 2025, we received a submission for an Account Takeover via Email Log Disclosure vulnerability in Post SMTP, a WordPress plugin with more than 400,000 active installations. This vulnerability makes it possible for an unauthenticated attacker to view email logs, including password...

CVE-2016-20017

D-Link DSL-2750B devices before 1.05 allow remote unauthenticated command injection via the login.cgi cli parameter, as exploited in the wild in 2016 through 2022...

CVE-2024-58136

Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...

CVE-2019-8446

creationtimestamp| type| source ---|---|--- 2024-12-29 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-29 2025-01-14 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-01-14 2025-01-26 00:00:00+00:00| seen| The Shadowserv...

CVE-2024-9463

creationtimestamp| type| source ---|---|--- 2024-10-09 19:50:30+00:00| seen| https://t.me/cvedetector/7514 2024-10-10 12:00:25+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus24/2024 2024-10-10 13:17:11+00:00| published-proof-of-concept| https://t.me/truesecator/6304 2024-10-1...

CVE-2023-36845

creationtimestamp| type| source ---|---|--- 2023-08-18 00:37:41+00:00| seen| https://t.me/cibsecurity/68793 2023-08-20 06:53:11+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus14/2023 2023-08-27 15:11:36+00:00| published-proof-of-concept|...

CVE-2022-26833

creationtimestamp| type| source ---|---|--- 2022-05-26 18:20:03+00:00| seen| https://t.me/truesecator/2985 2024-10-30 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-10-30 2024-11-12 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabiliti...

CVE-2022-27824

creationtimestamp| type| source ---|---|--- 2022-04-12 00:26:04+00:00| seen| https://t.me/cibsecurity/40547 2022-08-05 21:46:39+00:00| exploited| https://t.me/BleepingComputer/13033 2022-08-06 00:34:29+00:00| exploited| https://t.me/BleepingComputer/13028...

WordPress Admin Menu Tree Page View 2.6.9 Plugin - Cross-Site Request Forgery / Privilege Escalation

Exploit for php platform in category web applications Exploit Title: Admin Menu Tree Page View CSRF, Privilege Escalation Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link:...

WordPress CMS Tree Page View 1.4 CSRF / Privilege Escalation

Exploit Title: CMS Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/cms-tree-page-view Version: 1.4 Tested on:...