Webfactory Advanced Google Recaptcha vulnerabilities
5 known vulnerabilities affecting webfactory/advanced_google_recaptcha.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2026-5411P2HIGHCVSS 8.8≤ 5.382026-06-05
CVE-2026-5411 [HIGH] CWE-434 CVE-2026-5411: The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38. This is due to a capability check in the save_ajax() function of the licensing module, combined with unrestricted file extraction in sync_cloud_pr
nvd
CVE-2026-5415P2HIGHCVSS 8.8≤ 5.382026-06-05
CVE-2026-5415 [HIGH] CWE-288 CVE-2026-5415: The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.38. This is due to the ajax_run_tool() AJAX handler relying solely on a nonce check (check_ajax_referer) for security without performing any capabilit
nvd
CVE-2025-2074P4MEDIUMCVSS 5.3≤ 1.292025-03-28
CVE-2025-2074 [MEDIUM] CWE-89 CVE-2025-2074: The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to generic SQL Injection via the ‘s
The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to generic SQL Injection via the ‘sSearch’ parameter in all versions up to, and including, 1.29 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-lev
nvd
CVE-2024-12034P4MEDIUMCVSS 5.3≤ 1.252024-12-24
CVE-2024-12034 [MEDIUM] CWE-340 CVE-2024-12034: The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up
The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password atte
nvd
CVE-2025-1262P4MEDIUMCVSS 5.3≤ 1.272025-02-25
CVE-2025-1262 [MEDIUM] CWE-804 CVE-2025-1262: The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to
The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.
nvd