PT-2022-17629 · WordPress · Auto-Hyperlink Urls
Daniel Ruf · Published 2022-08-22 · Updated 2022-08-23 · CVE-2022-2600
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Auto-hyperlink URLs WordPress plugin versions through 5.4.1
Description
The plugin does not set rel="noopener noreferrer" on the links it generates. This allows Tab Nabbing: the target site gets access to the source tab through the window.opener DOM object.
Recommendations
For Auto-hyperlink URLs WordPress plugin versions through 5.4.1, consider updating to a version that includes the fix for this issue, which should set rel="noopener noreferrer" on generated links to prevent Tab Nabbing.
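To confirm that rendered post content carries the rel values named above, the following added example (not the plugin's code, and not from this advisory) audits anchor tags and rewrites the ones that lack them. It assumes the links of concern are those whose target attribute opens a new browsing context; the function names and the sample markup are constructed for illustration.

```javascript
// Added example, not the plugin's code. Regex tag scan for auditing rendered
// output; not a full HTML parser (a ">" inside an attribute value cuts the tag short).
const ANCHOR_RE = /<a(\s[^>]*)?>/gi;
const ATTR_RE = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
const SAME_CONTEXT = new Set(["", "_self", "_parent", "_top"]);
const REQUIRED = ["noopener", "noreferrer"];

function parseAttrs(raw) {
  const attrs = new Map();
  for (const m of (raw || "").matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    // On duplicate attributes the first one wins, as in HTML parsing.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

// rel tokens still missing on a link that opens a new browsing context.
function missingRelTokens(attrs) {
  const target = (attrs.get("target") || "").trim().toLowerCase();
  if (SAME_CONTEXT.has(target)) return []; // same tab: no opener handle is created
  const rel = new Set((attrs.get("rel") || "").toLowerCase().split(/\s+/).filter(Boolean));
  return REQUIRED.filter((t) => !rel.has(t));
}

// Report every anchor that would leave window.opener available to the target.
function auditLinks(html) {
  const findings = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const attrs = parseAttrs(m[1]);
    const missing = missingRelTokens(attrs);
    if (missing.length) findings.push({ href: attrs.get("href") || "", missing });
  }
  return findings;
}

// Rebuild affected tags with the missing tokens appended to any existing rel.
function hardenLinks(html) {
  return html.replace(ANCHOR_RE, (tag, raw) => {
    const attrs = parseAttrs(raw);
    const missing = missingRelTokens(attrs);
    if (!missing.length) return tag;
    const kept = (attrs.get("rel") || "").split(/\s+/).filter(Boolean);
    attrs.set("rel", [...kept, ...missing].join(" "));
    const out = [...attrs].map(([k, v]) => ` ${k}="${v.replace(/"/g, "&quot;")}"`);
    return `<a${out.join("")}>`;
  });
}

// Constructed sample markup: links a and b are flagged, c and d are not.
const SAMPLE = '<a href="https://example.com/a" target="_blank">a</a> <a href="https://example.com/b" target="_blank" rel="nofollow noopener">b</a> <a href="https://example.com/c">c</a> <a href="https://example.com/d" target="_blank" rel="noopener noreferrer">d</a>';
console.log(auditLinks(SAMPLE));
```
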
Affected Products
Auto-Hyperlink Urls