cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-4171,https://securityvulnerability.io/vulnerability/CVE-2022-4171,Improper Input Validation in Demon Image Annotation Plugin for WordPress,"The Demon Image Annotation Plugin for WordPress suffers from an improper input validation vulnerability in versions up to and including 5.0. This flaw arises because the plugin fails to validate the number of characters allowed during an annotation, notwithstanding the existence of a setting intended to impose character limitations. As a result, unauthenticated attackers can bypass these restrictions, allowing them to input a greater number of characters than the configuration permits. This could lead to potential exploitation of the system or unauthorized data entry, raising significant security concerns for users.",Wordpress,Demon Image Annotation,6.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,false,false,2022-12-13T20:16:52.649Z,0
CVE-2022-2864,https://securityvulnerability.io/vulnerability/CVE-2022-2864,Cross-Site Request Forgery Vulnerability in Demon Image Annotation Plugin for WordPress,"The Demon Image Annotation plugin for WordPress has a vulnerability that enables unauthenticated attackers to change plugin settings through Cross-Site Request Forgery due to insufficient nonce validation in the settings file. This flaw allows malicious actors to exploit the vulnerability by tricking an administrator into executing actions via crafted links, potentially leading to the injection of harmful scripts into the site. Users of versions up to and including 4.7 should take immediate action to secure their installations.",Wordpress,Demon Image Annotation,8.8,HIGH,0.002240000059828162,false,,false,false,false,,false,false,2022-10-28T16:52:09.076Z,0