PT-2022-26039 · WordPress · Demon Image Annotation Plugin

Ori Gabriel

·

Published

2022-12-13

·

Updated

2022-12-16

·

CVE-2022-4171

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Demon Image Annotation plugin for WordPress, versions up to and including 5.0

Description

The issue arises from improper input validation in the plugin, specifically in how it handles the number of characters supplied in an annotation. Although the plugin offers a setting that limits the number of characters an annotation may contain, it does not enforce that limit when an annotation is submitted, so unauthenticated attackers can bypass the length restriction and store more characters than the setting allows.

Recommendations

For Demon Image Annotation plugin for WordPress versions up to and including 5.0, consider disabling the annotation feature until a patch is available. Restrict access to the plugin's settings so that the configured limit cannot be loosened by others, and avoid using the plugin for sensitive annotations until the issue is resolved. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.
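The flaw class described above is a limit that exists only in the form the browser renders, not in the code that stores the submission. The following is an added illustration, not code from the Demon Image Annotation plugin: a hypothetical WordPress AJAX handler shown in a vulnerable form, which trusts the textarea's maxlength attribute, and a hardened form that re-reads the admin-configured limit and enforces it on the server. The option key, action name, meta key and the dia_example_ prefix are all assumptions made for this example.

```php
<?php
/*
 * Added example (not the plugin's own code). All names below are hypothetical.
 * Shows why a character limit must be enforced where the annotation is saved,
 * not only in the HTML form that a browser happens to render.
 */

// Hypothetical option key holding the admin-configured character limit.
const DIA_EXAMPLE_LIMIT_OPTION = 'dia_example_max_chars';

// VULNERABLE: the limit is emitted only as a maxlength attribute. A client that
// posts straight to admin-ajax.php never sees it, so any length is accepted.
function dia_example_render_form_vulnerable() {
    $limit = (int) get_option( DIA_EXAMPLE_LIMIT_OPTION, 200 );
    printf( '<textarea name="annotation" maxlength="%d"></textarea>', $limit );
}

function dia_example_save_vulnerable() {
    $attachment_id = isset( $_POST['attachment_id'] ) ? (int) $_POST['attachment_id'] : 0;
    $text          = isset( $_POST['annotation'] ) ? wp_unslash( $_POST['annotation'] ) : '';
    // No server-side length check: whatever was posted is stored as-is.
    add_post_meta( $attachment_id, 'dia_example_annotation', sanitize_textarea_field( $text ) );
    wp_send_json_success();
}

// HARDENED: count characters (not bytes) so multibyte text is measured the same
// way the browser's maxlength counts it, and compare against the stored setting.
function dia_example_exceeds_limit( $text, $limit ) {
    return mb_strlen( $text, 'UTF-8' ) > $limit;
}

function dia_example_save_hardened() {
    $attachment_id = isset( $_POST['attachment_id'] ) ? (int) $_POST['attachment_id'] : 0;
    if ( ! $attachment_id || 'attachment' !== get_post_type( $attachment_id ) ) {
        wp_send_json_error( 'invalid attachment', 400 );
    }

    $text  = isset( $_POST['annotation'] ) ? wp_unslash( $_POST['annotation'] ) : '';
    $text  = sanitize_textarea_field( $text );
    $limit = max( 1, (int) get_option( DIA_EXAMPLE_LIMIT_OPTION, 200 ) );

    // The check the vulnerable handler is missing: reject before storing.
    if ( dia_example_exceeds_limit( $text, $limit ) ) {
        wp_send_json_error( sprintf( 'annotation exceeds %d characters', $limit ), 400 );
    }

    add_post_meta( $attachment_id, 'dia_example_annotation', $text );
    wp_send_json_success();
}

// The affected feature is reachable without authentication, so the hardened
// handler must be registered for the nopriv hook as well as the logged-in one.
add_action( 'wp_ajax_dia_example_save', 'dia_example_save_hardened' );
add_action( 'wp_ajax_nopriv_dia_example_save', 'dia_example_save_hardened' );
```

A quick way to confirm whether an installed plugin has this class of bug is to submit the annotation request with a body longer than the configured limit using a tool that ignores HTML form attributes, such as curl, and see whether the over-length text is stored; the maxlength attribute alone proves nothing about what the server accepts.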

Weakness Enumeration

Related Identifiers

CVE-2022-4171

Affected Products

Demon Image Annotation Plugin