Description
WordPress Plugin demon image annotation is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin demon image annotation version 4.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.8 or latest
References
https://www.wordfence.com/vulnerability-advisories/#CVE-2022-2864
https://plugins.svn.wordpress.org/demon-image-annotation/trunk/readme.txt
Related Vulnerabilities
Atlassian Jira Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-6619)
WordPress Plugin WooCommerce PHP Object Injection (3.2.3)
Apache HTTP Server Insertion of Sensitive Information into Log File Vulnerability (CVE-2001-1556)
Oracle Application Server Resource Management Errors Vulnerability (CVE-2007-2120)