Jordy Versmissen

#11798of 53,635
23.3Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2023-14099
8.8
2023-01-23
WordPress · Wp Statistics · CVE-2022-4230
**Name of the Vulnerable Software and Affected Versions** WP Statistics versions prior to 13.2.9 **Description** The issue allows authenticated users to perform SQL Injection attacks due to a parameter not being escaped. By default, the affected feature is available to users with the manage options capability, which includes administrators and above. However, the plugin has a setting that can allow low-privilege users to access this feature as well. **Recommendations** For versions prior to 13.2.9, update to version 13.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected feature to only high-privilege users by disabling the setting that allows low-privilege users to access it.
PT-2021-7636
7.8
2021-11-09
Grafana · Grafana · CVE-2021-43798
**Name of the Vulnerable Software and Affected Versions** Grafana versions 8.0.0-beta1 through 8.3.0 **Description** Grafana is vulnerable to a directory traversal vulnerability, allowing attackers to access local files. The vulnerable URL path is: `<grafana host url>/public/plugins/<plugin-id>/`, where <plugin-id> is the plugin ID for any installed plugin. Numerous reports indicate a resurgence of exploitation attempts, with attackers targeting systems internationally, including critical infrastructure. The vulnerability allows unauthorized access to local files, potentially exposing sensitive data. The vulnerability is exploitable via specifically crafted HTTP requests. **Recommendations** Upgrade Grafana to version 8.0.7, 8.1.8, 8.2.7, or 8.3.1 as soon as possible. If upgrading is not feasible, implement a reverse proxy in front of Grafana to normalize the PATH of the request, such as using the `normalize path` setting in Envoy.
PT-2021-16765
6.7
2021-10-11
Unknown · Kubernetes Java Client Libraries · CVE-2021-25738
**Name of the Vulnerable Software and Affected Versions** Kubernetes Java Client library (affected versions not specified) **Description** Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.