Improper Input Validation in Demon Image Annotation Plugin for WordPress
CVE-2022-4171

6.5MEDIUM

Key Information:

Vendor: Wordpress
Status: Demon Image Annotation
Vendor: CVE Published:; 13 December 2022

What is CVE-2022-4171?

The Demon Image Annotation Plugin for WordPress suffers from an improper input validation vulnerability in versions up to and including 5.0. This flaw arises because the plugin fails to validate the number of characters allowed during an annotation, notwithstanding the existence of a setting intended to impose character limitations. As a result, unauthenticated attackers can bypass these restrictions, allowing them to input a greater number of characters than the configuration permits. This could lead to potential exploitation of the system or unauthorized data entry, raising significant security concerns for users.

Affected Version(s)

demon image annotation * <= 5.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Nov 28, 2022

Credit

Ori Gabriel

Wordpress

What is CVE-2022-4171?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit