Vulnerabilities > CVE-2022-2600 - Unspecified vulnerability in Auto-Hyperlink Urls Project Auto-Hyperlink Urls 5.4.1

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
auto-hyperlink-urls-project

Summary

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.

Vulnerable Configurations

Part Description Count
Application
Auto-Hyperlink_Urls_Project
1