CVE-2022-1583

Published: May 30, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.

Affected (1)

Products: Webfactoryltd: External Links In New Window / New Tab

Webfactoryltd

1 product

External Links In New Window / New Tab

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Webfactoryltd External Links In New Window / New Tab	Before 1.43

Related CWEs

CWE-1022

Use of Web Link to Untrusted Target with window.opener Access

The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.

References (2)

https://wpscan.com/vulnerability/aa9d727c-4d17-4220-b8cb-e6dec30361a9

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/aa9d727c-4d17-4220-b8cb-e6dec30361a9

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.