CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23503 – WordPress Customizable Captcha and Contact us plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23503
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Customizable Captcha and Contact Us allows Reflected XSS. This issue affects Customizable Captcha and Contact Us: from n/a through 1.0.2. The Customizable Captcha and Contact Us plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t... • https://patchstack.com/database/wordpress/plugin/customizable-captcha-and-contact-us-form/vulnerability/wordpress-customizable-captcha-and-contact-us-plugin-1-0-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23620 – WordPress Captchelfie – Captcha by Selfie plugin <= 1.0.7 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23620
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexey Trofimov Captchelfie – Captcha by Selfie allows Reflected XSS.This issue affects Captchelfie – Captcha by Selfie: from n/a through 1.0.7. The Captchelfie – Captcha by Selfie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje... • https://patchstack.com/database/wordpress/plugin/captchelfie-captcha-by-selfie/vulnerability/wordpress-captchelfie-captcha-by-selfie-plugin-1-0-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23693 – WordPress Secure CAPTCHA plugin <= 1.2 - CSRF to Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2025-23693
16 Jan 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Stanisław Skonieczny Secure CAPTCHA allows Stored XSS.This issue affects Secure CAPTCHA: from n/a through 1.2. The Secure CAPTCHA plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site... • https://patchstack.com/database/wordpress/plugin/secure-captcha/vulnerability/wordpress-secure-captcha-plugin-1-2-csrf-to-stored-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24628 – WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability
https://notcve.org/view.php?id=CVE-2025-24628
03 Jan 2025 — Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78. The reCaptcha by BestWebSoft plugin for WordPress is vulnerable to CAPTCHA Bypass in all versions up to, and including, 1.78. This makes it possible for unauthenticated attackers to bypass CAPTCHA. • https://patchstack.com/database/wordpress/plugin/google-captcha/vulnerability/wordpress-recaptcha-by-bestwebsoft-plugin-1-78-captcha-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing CWE-804: Guessable CAPTCHA •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49648 – WordPress SVG Captcha plugin <= 1.0.11 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-49648
21 Oct 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in rafasashi SVG Captcha allows Reflected XSS.This issue affects SVG Captcha: from n/a through 1.0.11. The SVG Captcha plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they ca... • https://patchstack.com/database/vulnerability/svg-captcha/wordpress-svg-captcha-plugin-1-0-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31295 – WordPress Captcha by BestWebSoft plugin <= 5.2.0 - Captcha Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-31295
05 Apr 2024 — Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass.This issue affects Captcha by BestWebSoft: from n/a through 5.2.0. Vulnerabilidad de CAPTCHA adivinable en BestWebSoft Captcha de BestWebSoft permite omitir la funcionalidad. Este problema afecta a Captcha de BestWebSoft: desde n/a hasta 5.2.0. The Captcha by BestWebSoft for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 5.2.0. This makes it possible for unauthenticated attackers to... • https://patchstack.com/database/vulnerability/captcha-bws/wordpress-captcha-by-bestwebsoft-plugin-5-2-0-captcha-bypass-vulnerability?_s_id=cve • CWE-804: Guessable CAPTCHA •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48276 – WordPress WP Forms Puzzle Captcha plugin <= 4.1 - Captcha Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-48276
28 Nov 2023 — Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through 4.1. La vulnerabilidad de restricción inadecuada de intentos de autenticación excesivos en Nitin Rathod WP Forms Puzzle Captcha permite omitir la funcionalidad. Este problema afecta a WP Forms Puzzle Captcha: desde n/a hasta 4.1. The WP Forms Puzzle Captcha plugin for WordPress is vulnerable to Captcha Bypass ... • https://patchstack.com/database/vulnerability/wp-forms-puzzle-captcha/wordpress-wp-forms-puzzle-captcha-plugin-4-1-captcha-bypass-vulnerability?_s_id=cve • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-804: Guessable CAPTCHA •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48745 – WordPress Captcha Code plugin <= 2.9 - Captcha Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-48745
24 Nov 2023 — Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through 2.9. La vulnerabilidad de restricción inadecuada de intentos de autenticación excesivos en WebFactory Ltd Captcha Code permite omitir la funcionalidad. Este problema afecta a Captcha Code: desde n/a hasta 2.9. The Captcha Code plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.9. This makes i... • https://patchstack.com/database/vulnerability/captcha-code-authentication/wordpress-captcha-code-plugin-2-8-captcha-bypass-vulnerability?_s_id=cve • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-804: Guessable CAPTCHA •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45771 – WordPress Contact Form With Captcha plugin <= 1.6.8 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2023-45771
12 Oct 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS.This issue affects Contact Form With Captcha: from n/a through 1.6.8. La neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Contact Form With Captcha permite el XSS reflejado. Este problema afecta a Contact Form With Captcha: desde n/a hasta 1.6.8. The Contact Form With Captcha plugin for W... • https://patchstack.com/database/vulnerability/contact-form-with-captcha/wordpress-contact-form-with-captcha-plugin-1-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45009 – WordPress Captcha for Contact Form 7 plugin <= 1.11.3 - Capcha Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-45009
03 Oct 2023 — Improper Restriction of Excessive Authentication Attempts vulnerability in Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 allows Functionality Bypass.This issue affects Captcha/Honeypot for Contact Form 7: from n/a through 1.11.3. La vulnerabilidad de restricción inadecuada de intentos de autenticación excesivos en Forge12 Interactive GmbH Captcha/Honeypot for Contact Form 7 permite omitir la funcionalidad. Este problema afecta a Captcha/Honeypot for Contact Form 7: desde n/a hasta 1.11.3. The... • https://patchstack.com/database/vulnerability/captcha-for-contact-form-7/wordpress-captcha-for-contact-form-7-plugin-1-11-3-capcha-bypass-vulnerability?_s_id=cve • CWE-307: Improper Restriction of Excessive Authentication Attempts CWE-804: Guessable CAPTCHA •