What the vulnerability does
01Description
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.
CVE-2022-1582
CVE-2022-1582: External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting
CVSS base score
—
Key dates
02Disclosure timeline
May 30, 2022
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-54016 WordPress Videopack plugin <= 4.10.3 - Cross Site Scripting (XSS) Vulnerability
CVE-2024-29818 WordPress WP Poll Maker plugin <= 3.1 - Authenticated Cross Site Scripting (XSS) vulnerability
CVE-2023-43733 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS)
CVE-2024-13388 TCBD Tooltip <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2020-29025 DOM-based Javascript injection
