CVE-2022-1582 – External Links in New Window / New Tab < 1.43 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1582
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. El plugin External Links in New Window / New Tab de WordPress versiones anteriores a 1.43, no escapa correctamente las URLs que concatena en los manejadores de eventos onclick, lo que hace posible ataques de tipo Cross-Site Scripting Almacenado • https://wpscan.com/vulnerability/cbb75383-4351-4488-aaca-ddb0f6f120cd • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-1583 – External Links in New Window / New Tab < 1.43 - Tabnabbing
https://notcve.org/view.php?id=CVE-2022-1583
The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur. El plugin External Links in New Window / New Tab de WordPress versiones anteriores a 1.43, no es asegurado de que window.opener sea establecido en "null" cuando hace clic en enlaces a sitios externos, lo que podría permitir que sean producidos ataques de tabnabbing • https://wpscan.com/vulnerability/aa9d727c-4d17-4220-b8cb-e6dec30361a9 • CWE-1022: Use of Web Link to Untrusted Target with window.opener Access •