• I’ve mentioned this before, but seems it’s still not resolved. Monthly we receive Qualys Reports from the Cybersecurity and Infrastructure Security Agency (CISA) which is a part of the Department of Homeland Security. On the links you have target=”blank” (i.e. GoogleCal, Directions Google Maps, anything that contains _blank) you should really add either rel=”noreferrer”, rel=”noopener” or rel=”noopener noreferrer” to help prevent reverse tabnabbing. Reverse Tabnabbing is an attack where the target page is replaced by a phishing site. Attackers can use JavaScript’s window.opener and inject a malicious domain in the url. When the user clicks on the html link, they can get redirected to a phishing or unintentional website. It’s already the default for WordPress and should be a relatively easy fix to bring it up to standard. Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support ArtemSupport

    (@artemsupport)

    Hello,

    Thank you for your messages!

    I am going to escalate this ticket to development to help in here. Please allow us some time to address this, and we truly appreciate your patience. Thank you for being a valued EventON customer!

    Plugin Author Ashan Perera

    (@ashanjay)

    Thank you for sharing this with us, we will implement this and get a new version out shortly!

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.