7.5

CVE-2022-4171

demon image annotation <= 5.0 - Improper Input Restriction Validation

The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including, 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number of characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.
Possible countermeasure
demon image annotation: Update to version 5.1, or a newer patched version
Data provided by the National Vulnerability Database (NVD)
Superwhite Demon Image Annotation | SwPlatform: wordpress | Version: <= 5.0
Further vulnerability information
System: WordPress Plugin
Product: demon image annotation
Version: *-5.0
No warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.69% | 0.479
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
security@wordfence.com | 6.5 | 3.9 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CWE-1284 Improper Validation of Specified Quantity in Input

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2830349%40demon-image-annotation&new=2830349%40demon-image-annotation&sfp_email=&sfph_mail=
Patch
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4?source=cve