PT-2022-13982 · WordPress · External Links In New Window / New Tab

Daniel Ruf

Published

2022-05-30

Updated

2022-06-09

CVE-2022-1583

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions External Links in New Window / New Tab WordPress plugin versions prior to 1.43

Description The issue concerns the External Links in New Window / New Tab WordPress plugin, where it fails to set window.opener to null when users click on links to external sites. This oversight may enable tabnabbing attacks to occur.

Recommendations For versions prior to 1.43, update to version 1.43 or later to resolve the issue. As a temporary workaround, consider modifying the plugin to set window.opener to null when external links are clicked, until a patch is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1022

Related Identifiers

CVE-2022-1583

Affected Products

External Links In New Window / New Tab

PT-2022-13982 · WordPress · External Links In New Window / New Tab

CVE-2022-1583

Weakness Enumeration

Related Identifiers

Affected Products

References · 4