CVE-2023-41650 – WordPress Remove/hide Author, Date, Category Like Entry-Meta Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41650
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin versions <= 2.1. The Remove/hide Author, Date, Category Like Entry-Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the remove_a_d_c() function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
• https://patchstack.com/database/vulnerability/removehide-author-date-category-like-entry-meta/wordpress-remove-hide-author-date-category-like-entry-meta-plugin-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2020-26289 – Regular expression Denial of Service in date-and-time
https://notcve.org/view.php?id=CVE-2020-26289
date-and-time is an npm package for manipulating date and time. In date-and-time before version 0.14.2, there is a regular expression involved in parsing which can be exploited to cause a denial of service. This is fixed in version 0.14.2. A flaw was found in nodejs-date-and-time.
• https://github.com/knowledgecode/date-and-time/commit/9e4b501eacddccc8b1f559fb414f48472ee17c2a
• https://github.com/knowledgecode/date-and-time/security/advisories/GHSA-r92x-f52r-x54g
• https://www.npmjs.com/package/date-and-time
• https://access.redhat.com/security/cve/CVE-2020-26289
• https://bugzilla.redhat.com/show_bug.cgi?id=1911627
• CWE-400: Uncontrolled Resource Consumption
CVE-2014-5169
https://notcve.org/view.php?id=CVE-2014-5169
Cross-site scripting (XSS) vulnerability in the Date module before 7.x-2.8 for Drupal allows remote authenticated users with the permission to create a date field to inject arbitrary web script or HTML via the date field title.
• http://www.openwall.com/lists/oss-security/2014/07/31/2
• http://www.openwall.com/lists/oss-security/2014/07/31/4
• http://www.securityfocus.com/bid/68974
• https://www.drupal.org/node/2311887
• https://www.drupal.org/node/2312609
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')