WordPress Plugin Vulnerabilities

Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing

Description

The plugin does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.

Affects Plugins

auto-hyperlink-urls

No known fix - plugin closed

References

CVE

CVE-2022-2600

Classification

Type

TAB NABBING

CWE

CWE-1022

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

01bbdefd-bdc3-43ef-9f35-6e7ebe786be2

Timeline

Publicly Published

2022-08-01 (about 10 months ago)

Added

2022-08-01 (about 10 months ago)

Last Updated

2023-05-01 (about 27 days ago)

Our Other Services

WPScan WordPress Security Plugin