Skip to content

Features
Pricing

Search

WordPress Plugin Vulnerabilities

Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing

Description

The plugin does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.

Affects Plugins

auto-hyperlink-urls

No known fix

References

CVE

Miscellaneous

Original Researcher

Daniel Ruf

Submitter

Daniel Ruf

Submitter website

https://daniel-ruf.de

Verified

Yes

WPVDB ID

01bbdefd-bdc3-43ef-9f35-6e7ebe786be2

Timeline

Publicly Published

2022-08-01 (about 1 years ago)

Added

2022-08-01 (about 1 years ago)

Last Updated

2023-05-01 (about 7 months ago)

Other

Published

Title

Published

2022-05-09

Title

External Links in New Window / New Tab < 1.43 - Tabnabbing

Published

2019-01-25

Title

Wise Chat <= 2.6.3 - Reverse Tabnabbing

Vulnerabilities

WordPress
Plugins
Themes
Our Stats
Submit vulnerabilities

About

How it works
Pricing
WordPress plugin
News
Contact

For Developers

Status
API details
CLI scanner

Other

Privacy
Terms of service
Submission terms
Disclosure policy
Privacy Notice for California Users

In partnership with Jetpack

GitHub
Twitter
Facebook

An

endeavor

Follow Following
- WPScan
- Already have a WordPress.com account? Log in now.
Privacy