Improper Input Validation in Demon Image Annotation Plugin for WordPress
CVE-2022-4171

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Demon Image Annotation
Vendor: CVE Published:; 13 December 2022

Summary

The Demon Image Annotation Plugin for WordPress suffers from an improper input validation vulnerability in versions up to and including 5.0. This flaw arises because the plugin fails to validate the number of characters allowed during an annotation, notwithstanding the existence of a setting intended to impose character limitations. As a result, unauthenticated attackers can bypass these restrictions, allowing them to input a greater number of characters than the configuration permits. This could lead to potential exploitation of the system or unauthorized data entry, raising significant security concerns for users.

Affected Version(s)

demon image annotation * <= 5.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Nov 28, 2022

Credit

Ori Gabriel