CVE-2022-1583: 
WordPress vulnerability analysis and mitigation

The External Links in New Window / New Tab WordPress plugin before version 1.43 contains a security vulnerability identified as CVE-2022-1583. The vulnerability exists because the plugin does not ensure window.opener is set to "null" when links to external sites are clicked, potentially enabling tabnabbing attacks (WPScan). The issue was publicly disclosed on May 9, 2022, and affects the WordPress plugin 'open-external-links-in-a-new-window' (CVE Mitre).

The vulnerability stems from improper handling of external links when they are opened in new windows or tabs. When clicking on external links, the window.opener property remains accessible, which could be exploited through tabnabbing attacks. This can be verified by creating an external link and checking the window.opener value in the newly opened tab (WPScan).

The vulnerability could allow malicious websites opened in new tabs to manipulate the original page through tabnabbing attacks, potentially leading to phishing attacks or other malicious activities (WPScan).

The vulnerability has been fixed in version 1.43 of the External Links in New Window / New Tab plugin. Users are advised to update to this version or later to mitigate the risk (WPScan).