CVE-2022-2600

CVE-2022-2600: Auto-hyperlink URLs <= 5.4.1 - Tab Nabbing

Vendor Unknown
Product Auto-hyperlink URLs
Weakness CWE-1022
Published August 22, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.

Key dates

02Disclosure timeline

August 22, 2022 CVE published
August 3, 2024 Record updated