CVE-2022-4171

{"id": "CVE-2022-4171", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2022-12-13T21:15:11.870", "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2830349%40demon-image-annotation&new=2830349%40demon-image-annotation&sfp_email=&sfph_mail=", "tags": ["Patch", "Third Party Advisory"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Modified", "descriptions": [{"lang": "en", "value": "The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings."}, {"lang": "es", "value": "Demon image annotation complemento para WordPress es vulnerable a una validaci\u00f3n de entrada incorrecta en versiones hasta la 5.0 incluida. Esto se debe a que el complemento valida incorrectamente la cantidad de caracteres proporcionados durante una anotaci\u00f3n a pesar de que existe una configuraci\u00f3n para limitar la cantidad de caracteres ingresados. Esto significa que los atacantes no autenticados pueden omitir las restricciones de longitud e ingresar m\u00e1s caracteres de los permitidos en la configuraci\u00f3n."}], "lastModified": "2023-11-07T03:57:08.090", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:superwhite:demon_image_annotation:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D93211FC-DCC8-443B-9E82-24C6B75DE5DC", "versionEndIncluding": "5.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}