16 matches found
CVE-2022-4171
The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including, 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number of characters inpu...
CVE-2023-40215
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...
WordPress Plugin demon image annotation SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
CVE-2023-40215 WordPress Demon image annotation Plugin <= 5.1 is vulnerable to SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1...
CVE-2023-40215
CVE-2023-40215 refers to a WordPress plugin vulnerability in the Demon image annotation plugin (demon-image-annotation). The issue is an SQL Injection caused by improper neutralization of special elements in SQL commands, affecting versions listed as n/a through 5.1. Public sources corroborate th...
PT-2023-27332 · Unknown · Demon Image Annotation
Name of the Vulnerable Software and Affected Versions: demon image annotation versions n/a through 5.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
WordPress Demon image annotation Plugin <= 5.3 is vulnerable to SQL Injection
Software: Demon image annotation; Type: Plugin; Vulnerable versions = 5.3; Fixed in: 5.4; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-40215; Patch priority: Low; CVSS severity: Low 7.6; Developer: Claim ownership; PSID: 48d8f2dd0426; Credits: LEE SE HYOUNG hackintoanetwork; Required...
Input validation
The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including, 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number of characters inpu...
PT-2022-26039 · WordPress · Demon Image Annotation Plugin
Name of the Vulnerable Software and Affected Versions: demon image annotation plugin for WordPress versions up to, and including 5.0 Description: The issue arises from improper input validation in the plugin, specifically when handling the number of characters supplied during an annotation. Despi...
CVE-2022-2864
The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...
CVE-2022-2864
The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...
PT-2022-19129 · WordPress · Demon Image Annotation Plugin
Name of the Vulnerable Software and Affected Versions: demon image annotation plugin for WordPress versions up to, and including, 4.7 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation in the /includes/settings.php file. This allows unauthenticated...
WordPress plugin demon image annotation cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Cross-site request forgery vulnerability exists in WordPress demon image annotation 4.7 and earlier versions, which stems from the lack of nonce...
WordPress Demon Image Annotation plugin <= 4.7 - Arbitrary Settings Update to Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update leading to Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by Yamato Kamioka in WordPress Demon Image Annotation plugin versions = 4.7. Solution: Update the WordPress Demon image annotation plugin to the latest available versio...
Demon Image Annotation < 4.8 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of sanitisation and escaping in some of them, it could also lead to Stored Cross-Site Scripting...