CVE-2022-4171
MEDIUM
6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: low
Description
AI Translation Available
The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0032
Percentile
0,5th
Updated
EPSS Score Trend (Last 91 Days)
1284
Improper Validation of Specified Quantity in Input
IncompleteCommon Consequences
Security Scopes Affected:
Other
Integrity
Availability
Potential Impacts:
Varies By Context
Dos: Resource Consumption (Cpu)
Modify Memory
Read Memory
Applicable Platforms
All platforms may be affected
Application
Demon Image Annotation by Superwhite
Version Range Affected
To
5.0
(inclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:superwhite:demon_image_annotation:*:*:*:*:*:wordpress:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&ol…
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5…
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&ol…
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5…