CVE-2025-24628 – WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability

https://notcve.org/view.php?id=CVE-2025-24628

03 Jan 2025 — Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78. The reCaptcha by BestWebSoft plugin for WordPress is vulnerable to CAPTCHA Bypass in all versions up to, and including, 1.78. This makes it possible for unauthenticated attackers to bypass CAPTCHA. • https://patchstack.com/database/wordpress/plugin/google-captcha/vulnerability/wordpress-recaptcha-by-bestwebsoft-plugin-1-78-captcha-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing CWE-804: Guessable CAPTCHA •