Unrated severityNVD Advisory· Published Oct 28, 2022· Updated Jan 31, 2025
CVE-2022-2864
CVE-2022-2864
Description
The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the ~/includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=4.7
- demonisblack/demon image annotationv5Range: 1.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.