Lucene search
WPScanCVE-2022-2600HistoryAug 22, 2022 - 3:15 p.m.
CVE-2022-2600
2022-08-2215:15:15
CWE-1022
WPScan
web.nvd.nist.gov
40
4
cve-2022-2600
auto-hyperlink urls
wordpress plugin
security vulnerability
tab nabbing
window.opener dom object
nvd
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
40.2%
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel=“noopener noreferer” on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.
Affected configurations
Node
auto-hyperlink_urls_projectauto-hyperlink_urlsRange≤5.4.1wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| auto-hyperlink_urls_project | auto-hyperlink_urls | * | cpe:2.3:a:auto-hyperlink_urls_project:auto-hyperlink_urls:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"product": "Auto-hyperlink URLs",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "5.4.1",
"status": "affected",
"version": "5.4.1",
"versionType": "custom"
}
]
}
]Social References
More
Related
nvd
nvd
CVE-2022-2600
2022-08-22 15:15:15
cvelist
cvelist
CVE-2022-2600 Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing
2022-08-22 15:05:12
patchstack
patchstack
WordPress Auto-hyperlink URLs plugin <= 5.4.1 - Tab Nabbing vulnerability
2022-08-01 00:00:00
prion
prion
Code injection
2022-08-22 15:15:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS
0.001
Percentile
40.2%
Related for CVE-2022-2600