CVE-2022-1583

Exploit

EPSS 0.6%
Veröffentlicht 30.05.2022 09:15:10
Zuletzt bearbeitet 21.11.2024 06:41:00
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

External Links in New Window / New Tab <= 1.42 - Tabnabbing

The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur.

Mögliche Gegenmaßnahme

External Links in New Window / New Tab: Update to version 1.43, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt External Links in New Window / New Tab

Version * - 1.42

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Webfactoryltd ≫ External Links In New Window / New Tab SwPlatformwordpress Version < 1.43

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.6%	0.685

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-1022 Use of Web Link to Untrusted Target with window.opener Access

The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.

https://wpscan.com/vulnerability/aa9d727c-4d17-4220-b8cb-e6dec30361a9

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/951b8cbd-0509-4548-ae69-6cfd67e83b1a

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-1583

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-1583

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-1583

EUVD