External Links in New Window / New Tab < 1.43 – Unauthenticated Stored Cross-Site Scripting | CVE 2022-1582

Description

The plugin does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.

Proof of Concept

On any post on the affected site, add the following link to a comment:

<a href="http://domain.tld/'-alert(1)-'/">Click here for XSS</a>

Click on the link, you should be getting an alert box.

Affects Plugins

open-external-links-in-a-new-window

Fixed in 1.43

References

CVE

CVE-2022-1582

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

4.7 (medium)

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

cbb75383-4351-4488-aaca-ddb0f6f120cd

Timeline

Publicly Published

2022-05-09 (about 3 years ago)

Added

2022-05-09 (about 3 years ago)

Last Updated

2022-05-09 (about 3 years ago)

Other

Published

Title

Published

2024-12-30

Title

GS Coaches < 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-02-27

Title

Modal Portfolio <= 1.7.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Published

2024-04-08

Title

Ultimate Store Kit Elementor Addons < 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2017-02-20

Title

AnyVar 0.1.1 - Stored Cross-Site Scripting (XSS)

Published

2025-01-16

Title

Local Shipping Labels for WooCommerce <= 1.0.0 - Reflected Cross-Site Scripting