CVE-2022-2600 Information

Description

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel= oopener noreferer\ on generated links which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.

Reference

https://wpscan.com/vulnerability/01bbdefd-bdc3-43ef-9f35-6e7ebe786be2