Does demon image annotation have any unpatched vulnerabilities?

No. All known vulnerabilities in demon image annotation have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is demon image annotation compatible with WordPress 6.9.4?

According to WordPress.org data, demon image annotation 5.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is demon image annotation updated?

demon image annotation was last updated on Jan 5, 2026. Frequent updates are generally a positive security signal.

What is demon image annotation's security score?

demon image annotation has a WP-Safety security score of 98/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

demon image annotation Security & Risk Analysis

wordpress.org/plugins/demon-image-annotation

Allows you to add textual annotations to images by select a region of the image and then attach a textual description.

10 active installs v5.4 PHP + WP 2.5+ Updated Jan 5, 2026

commentcommentsimageimagesnote

A · Safe

CVEs total3

Unpatched0

Last CVEAug 10, 2023

Plugin page Download

Safety Verdict

Is demon image annotation Safe to Use in 2026?

Generally Safe

Score 98/100

demon image annotation has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Aug 10, 2023Updated 2mo ago

Risk Assessment

The "demon-image-annotation" v5.4 plugin exhibits a generally strong security posture with several good practices in place. It utilizes prepared statements for all SQL queries, has a high percentage of properly escaped output, and implements a good number of nonce and capability checks across its entry points. Furthermore, there are no identified file operations or external HTTP requests, which reduces common attack vectors. The absence of REST API routes and shortcodes also limits the plugin's attack surface.

Key Concerns

High severity taint flows found
Past high severity vulnerabilities present
Past medium severity vulnerabilities present
Taint flow with unsanitized paths found
Low percentage of properly escaped output
Limited nonce checks

Vulnerabilities

demon image annotation Security Vulnerabilities

CVEs by Year

2 CVEs in 2022

2022

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

High

Medium

3 total CVEs

CVE-2023-40215high · 7.2Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Demon image annotation <= 5.3 - Authenticated (Administrator+) SQL Injection

Aug 10, 2023 Patched in 5.4 (229d)

CVE-2022-4171medium · 6.5Improper Validation of Specified Quantity in Input

demon image annotation <= 5.0 - Improper Input Restriction Validation

Dec 11, 2022 Patched in 5.1 (408d)

CVE-2022-2864high · 8.8Cross-Site Request Forgery (CSRF)

demon image annotation <= 4.7 - Cross-Site Request Forgery to Cross-Site Scripting

Sep 21, 2022 Patched in 4.8 (489d)

Code Analysis

Analyzed Mar 17, 2026

demon image annotation Code Analysis

Dangerous Functions

Raw SQL Queries

74 prepared

Unescaped Output

257 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared74 total queries

Output Escaping

91% escaped282 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

8 flows3 with unsanitized paths

editNote (includes\class-image-annotation-list-table.php:363)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

demon image annotation Attack Surface

Entry Points5

Unprotected0

AJAX Handlers 5

authwp_ajax_getdemon-image-annotation.php:502

authwp_ajax_savedemon-image-annotation.php:503

authwp_ajax_deletedemon-image-annotation.php:504

noprivwp_ajax_getdemon-image-annotation.php:505

noprivwp_ajax_savedemon-image-annotation.php:506

WordPress Hooks 12

filtercomment_textdemon-image-annotation.php:168

actionwp_enqueue_scriptsdemon-image-annotation.php:500

actionwp_headdemon-image-annotation.php:501

actionadmin_enqueue_scriptsdemon-image-annotation.php:507

actionadmin_initdemon-image-annotation.php:511

actionadmin_noticesdemon-image-annotation.php:512

filtercomment_textdemon-image-annotation.php:513

actionadmin_headdemon-image-annotation.php:516

actionadmin_menudemon-image-annotation.php:517

actionadmin_bar_menudemon-image-annotation.php:518

filterthe_contentdemon-image-annotation.php:519

filterplugin_row_metademon-image-annotation.php:522

Maintenance & Trust

demon image annotation Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 5, 2026

PHP min version

Downloads17K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

demon image annotation Alternatives

Guan Image Notes

guan-image-notes

Image tagging system sync with WordPress comment system. Or also known as image notes, or image annotation.

10 No CVEs

Image Annotations

image-annotations

Image Annotations plugin lets readers to leave annotations to the selected area of the image in comments.

10 No CVEs

Comment Image

comment-image

Enable readers to attach an image to their comments.

1K No CVEs

Embed Images in Comments

embed-comment-images

Embed direct image links in your comments with an img tag.

100 1 CVE

Comment-Images

wordpress-comment-images

Comment Image Embedder is a very simple plugin that, once installed, lets your visitors add an image to their comments.

50 No CVEs

Developer Profile

demon image annotation Developer Profile

demonisblack

2 plugins · 40 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

375 days

View full developer profile

Detection Fingerprints

How We Detect demon image annotation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/demon-image-annotation/css/annotation.css/wp-content/plugins/demon-image-annotation/css/admin.css/wp-content/plugins/demon-image-annotation/js/jquery.annotate.js/wp-content/plugins/demon-image-annotation/js/jquery.annotate.config.js/wp-content/plugins/demon-image-annotation/js/admin.js

Script Paths

/wp-content/plugins/demon-image-annotation/js/jquery.annotate.js/wp-content/plugins/demon-image-annotation/js/jquery.annotate.config.js/wp-content/plugins/demon-image-annotation/js/admin.js

Version Parameters

demon-image-annotation/css/annotation.css?ver=demon-image-annotation/css/admin.css?ver=demon-image-annotation/js/jquery.annotate.js?ver=demon-image-annotation/js/jquery.annotate.config.js?ver=demon-image-annotation/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

annotation-containerannotation-note

HTML Comments

+4 more

Data Attributes

containerpageOnlyadminOnlyautoResizenumberingremoveImgTag+5 more

JS Globals

myAjax

REST Endpoints

/wp-json/demon-image-annotation/v1/notes

FAQ