Vulnerability Description
The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Superwhite | Demon Image Annotation | <= 5.0 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatchThird Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&oldPatchThird Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5fThird Party Advisory
FAQ
What is CVE-2022-4171?
CVE-2022-4171 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of character...
How severe is CVE-2022-4171?
CVE-2022-4171 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-4171?
Check the references section above for vendor advisories and patch information. Affected products include: Superwhite Demon Image Annotation.