CVE-2022-4171: The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the pl...

Description

The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Probability

0.69%

48.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-1284

Affected Software

Vendor	Product	Versions
Superwhite	Demon Image Annotation	<= 5.0

References

Timeline

Published: Dec 13, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-4171?

The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.

How severe is CVE-2022-4171?

CVE-2022-4171 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.69% probability of exploitation in the next 30 days.

How do I fix CVE-2022-4171?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.