CVE-2023-40215 – WordPress Demon image annotation Plugin <= 5.1 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-40215
10 Aug 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1. The Demon image annotation plug... • https://patchstack.com/database/vulnerability/demon-image-annotation/wordpress-demon-image-annotation-plugin-5-1-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-4171 – demon image annotation <= 5.0 - Improper Input Restriction Validation
https://notcve.org/view.php?id=CVE-2022-4171
11 Dec 2022 — The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including, 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number of characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2830349%40demon-image-annotation&new=2830349%40demon-image-annotation&sfp_email=&sfph_mail= • CWE-1284: Improper Validation of Specified Quantity in Input
CVE-2022-2864 – demon image annotation <= 4.7 - Cross-Site Request Forgery to Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2864
21 Sep 2022 — The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/browser/demon-image-annotation/trunk/includes/settings.php • CWE-352: Cross-Site Request Forgery (CSRF)