MEDIUM🇬🇧 English

CVE-2022-1583

CVSS 6.5v3.1pub. 2022-05-30upd. 2024-11-21

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  • Webfactoryltd External Links In New Window \/ New Tab

    APP
    Webfactoryltd
    < 1.43
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-1582MEDIUM6.1ten sam produkt

The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it conca...

CVE-2020-7048CRITICAL9.1ten sam vendor

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to ...

CVE-2019-19915CRITICAL9.0ten sam vendor

The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or ...

CVE-2023-50837HIGH7.6ten sam vendor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFacto...

CVE-2021-36908HIGH8.8ten sam vendor

Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP Reset PRO plugin <= 5.98 versions.