MEDIUM🇬🇧 English

CVE-2022-2600

CVSS 5.4v3.1pub. 2022-08-22upd. 2024-11-21

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  • Auto Hyperlink Urls Project Auto Hyperlink Urls

    APP
    Auto-Hyperlink Urls Project
    ≤ 5.4.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje