Vulnerability CVE-2022-2600
Published: 2022-08-22

Description:
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.

Type:

CWE-1022

 References:
https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2
Copyright 2026, cxsecurity.com

 

Back to Top