Vulnerabilities > Webfactoryltd > External Links IN NEW Window NEW TAB > Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-30	CVE-2022-1582	Cross-site Scripting vulnerability in Webfactoryltd External Links in NEW Window / NEW TAB The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. network webfactoryltd CWE-79	4.3
2022-05-30	CVE-2022-1583	Use of Web Link to Untrusted Target with window.opener Access vulnerability in Webfactoryltd External Links in NEW Window / NEW TAB The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur. network webfactoryltd CWE-1022	4.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.