The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/cbb75383-4351-4488-aaca-ddb0f6f120cd | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2022-05-30 02:15
Updated : 2022-06-08 08:25
NVD link : CVE-2022-1582
Mitre link : CVE-2022-1582
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
webfactoryltd
- external_links_in_new_window_\/_new_tab