Auto Hyperlink Urls
Monthly
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.