The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2022-08-22T15:05:12
Updated: 2022-08-22T15:05:12
Reserved: 2022-08-01T00:00:00
Link: CVE-2022-2600
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-22T15:15:15.710
Modified: 2022-08-23T17:24:48.877
Link: CVE-2022-2600
JSON object: View
Redhat Information
No data.