MEDIUM🇵🇱 Wersja polska

CVE-2022-2600

CVSS 5.4v3.1pub. 2022-08-22upd. 2024-11-21

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  • Auto Hyperlink Urls Project Auto Hyperlink Urls

    APP
    Auto-Hyperlink Urls Project
    ≤ 5.4.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References