CVE-2022-4171
demon image annotation <= 5.0 - Improper Input Restriction Validation
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th
The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.
| CWE | CWE-1284 |
| Vendor | demonisblack |
| Product | demon image annotation |
| Published | Dec 13, 2022 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for demonisblack demon image annotation
Be the first to know when new medium vulnerabilities affecting demonisblack demon image annotation are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
demonisblack / demon image annotation
0 โค 5.0
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2830349%40demon-image-annotation&new=2830349%40demon-image-annotation&sfp_email=&sfph_mail= wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4
Credits
Ori Gabriel