Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Auto-hyperlink URLs by Unknown
CVE-2022-2600 (GCVE-0-2022-2600)
Vulnerability from cvelistv5 – Published: 2022-08-22 15:05 – Updated: 2024-08-03 00:46
VLAI
Title
Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing
Summary
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.
Severity
No CVSS data available.
CWE
- CWE-1022 - Use of Web Link to Untrusted Target with window.opener Access
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/01bbdefd-bdc3-43… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Auto-hyperlink URLs |
Affected:
5.4.1 , ≤ 5.4.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Auto-hyperlink URLs",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "5.4.1",
"status": "affected",
"version": "5.4.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel=\"noopener noreferer\" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1022",
"description": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T15:05:12.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Auto-hyperlink URLs \u003c= 5.4.1 - Tab Nabbing",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2600",
"STATE": "PUBLIC",
"TITLE": "Auto-hyperlink URLs \u003c= 5.4.1 - Tab Nabbing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Auto-hyperlink URLs",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.4.1",
"version_value": "5.4.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel=\"noopener noreferer\" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2600",
"datePublished": "2022-08-22T15:05:12.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:46:03.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2600 (GCVE-0-2022-2600)
Vulnerability from nvd – Published: 2022-08-22 15:05 – Updated: 2024-08-03 00:46
VLAI
Title
Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing
Summary
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.
Severity
No CVSS data available.
CWE
- CWE-1022 - Use of Web Link to Untrusted Target with window.opener Access
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/01bbdefd-bdc3-43… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Auto-hyperlink URLs |
Affected:
5.4.1 , ≤ 5.4.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Auto-hyperlink URLs",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "5.4.1",
"status": "affected",
"version": "5.4.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel=\"noopener noreferer\" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1022",
"description": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T15:05:12.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Auto-hyperlink URLs \u003c= 5.4.1 - Tab Nabbing",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2600",
"STATE": "PUBLIC",
"TITLE": "Auto-hyperlink URLs \u003c= 5.4.1 - Tab Nabbing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Auto-hyperlink URLs",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.4.1",
"version_value": "5.4.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel=\"noopener noreferer\" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2600",
"datePublished": "2022-08-22T15:05:12.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:46:03.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}