MEDIUM🇵🇱 Wersja polska

CVE-2022-1583

CVSS 6.5v3.1pub. 2022-05-30upd. 2024-11-21

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
  • Webfactoryltd External Links In New Window \/ New Tab

    APP
    Webfactoryltd
    < 1.43
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-1582MEDIUM6.1ten sam produkt

The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it conca...

CVE-2020-7048CRITICAL9.1ten sam vendor

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to ...

CVE-2019-19915CRITICAL9.0ten sam vendor

The "301 Redirects - Easy Redirect Manager" plugin before 2.45 for WordPress allows users (with subscriber or ...

CVE-2023-50837HIGH7.6ten sam vendor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFacto...

CVE-2021-36908HIGH8.8ten sam vendor

Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP Reset PRO plugin <= 5.98 versions.