CVE-2022-4171 MEDIUM

CVE-2022-4171: demon image annotation <= 5.0 - Improper Input Restriction Validation

Vendor Demonisblack
Product demon image annotation
Weakness CWE-1284
Published December 13, 2022
Last update April 8, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low
Availability Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01 Description

The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to and including 5.0. The plugin does not properly validate the number of characters supplied in an annotation, even though it has a setting to limit the number of characters that can be input. As a result, unauthenticated attackers can bypass the length restriction and submit more characters than the settings allow.

Key dates

02 Disclosure timeline

December 13, 2022 CVE published
April 8, 2026 Record updated