Search criteria
2 vulnerabilities found for Auto-hyperlink URLs by Unknown
CVE-2022-2600 (GCVE-0-2022-2600)
Vulnerability from nvd – Published: 2022-08-22 15:05 – Updated: 2024-08-03 00:46
VLAI
Title
Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing
Summary
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.
Severity
No CVSS data available.
CWE
- CWE-1022 - Use of Web Link to Untrusted Target with window.opener Access
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/01bbdefd-bdc3-43… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Auto-hyperlink URLs |
Affected:
5.4.1 , ≤ 5.4.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Auto-hyperlink URLs",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "5.4.1",
"status": "affected",
"version": "5.4.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel=\"noopener noreferer\" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1022",
"description": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T15:05:12.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Auto-hyperlink URLs \u003c= 5.4.1 - Tab Nabbing",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2600",
"STATE": "PUBLIC",
"TITLE": "Auto-hyperlink URLs \u003c= 5.4.1 - Tab Nabbing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Auto-hyperlink URLs",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.4.1",
"version_value": "5.4.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel=\"noopener noreferer\" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2600",
"datePublished": "2022-08-22T15:05:12.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:46:03.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2600 (GCVE-0-2022-2600)
Vulnerability from cvelistv5 – Published: 2022-08-22 15:05 – Updated: 2024-08-03 00:46
VLAI
Title
Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing
Summary
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.
Severity
No CVSS data available.
CWE
- CWE-1022 - Use of Web Link to Untrusted Target with window.opener Access
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/01bbdefd-bdc3-43… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Auto-hyperlink URLs |
Affected:
5.4.1 , ≤ 5.4.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:46:03.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Auto-hyperlink URLs",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "5.4.1",
"status": "affected",
"version": "5.4.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Daniel Ruf"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel=\"noopener noreferer\" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1022",
"description": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-22T15:05:12.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Auto-hyperlink URLs \u003c= 5.4.1 - Tab Nabbing",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-2600",
"STATE": "PUBLIC",
"TITLE": "Auto-hyperlink URLs \u003c= 5.4.1 - Tab Nabbing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Auto-hyperlink URLs",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.4.1",
"version_value": "5.4.1"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Daniel Ruf"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel=\"noopener noreferer\" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1022 Use of Web Link to Untrusted Target with window.opener Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2600",
"datePublished": "2022-08-22T15:05:12.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:46:03.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}