
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Sep 2023 — Improper Restriction of Excessive Authentication Attempts vulnerability in Devnath verma WP Captcha allows Functionality Bypass. This issue affects WP Captcha: from n/a through 2.0.0. The WP Captcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.0. This makes it ... • https://patchstack.com/database/vulnerability/wp-captcha/wordpress-wp-captcha-plugin-2-0-0-captcha-bypass-vulnerability?_s_id=cve • CWE-307: Improper Restriction of Excessive Authentication Attempts; CWE-804: Guessable CAPTCHA •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Aug 2023 — Improper Control of Interaction Frequency vulnerability in cartpauj Cartpauj Register Captcha allows Functionality Misuse. This issue affects Cartpauj Register Captcha: from n/a through 1.0.02. The Cartpauj Register Captcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versi... • https://patchstack.com/database/vulnerability/cartpauj-register-captcha/wordpress-cartpauj-register-captcha-plugin-1-0-02-captcha-bypass-vulnerability?_s_id=cve • CWE-799: Improper Control of Interaction Frequency; CWE-804: Guessable CAPTCHA •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2023 — Missing Authorization vulnerability in wppal Easy Captcha allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Captcha: from n/a through 1.0. The Easy Captcha plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easy_captcha_update_settings AJAX function in versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to modify the plugin's settings. • https://patchstack.com/database/wordpress/plugin/easy-captcha/vulnerability/wordpress-easy-captcha-plugin-1-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

22 May 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Easy Captcha plugin <= 1.0 versions. The Easy Captcha plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/easy-captcha/wordpress-easy-captcha-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 3

13 Jan 2023 — A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jianlinwei/cool-php-captcha/commit/c84fb6b153bebaf228feee0cbf50728d27ae3f80 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

11 Jan 2023 — The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Flexible Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user ... • https://wpscan.com/vulnerability/af9cbb4a-42fc-43c5-88f3-349b417f1a6a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Sep 2022 — Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Captcha Code plugin <= 2.7 at WordPress. The Captcha Code plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7. This is due to missing or incorrect nonce validation on the wp_captcha_general_options function. This makes it possible for u... • https://patchstack.com/database/vulnerability/captcha-code-authentication/wordpress-captcha-code-plugin-2-7-cross-site-request-forgery-csrf-vulnerability-leading-to-plugin-settings-update/_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Aug 2022 — The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address, allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen. The Login No Captcha reCAPTCHA plugin for W... • https://wpscan.com/vulnerability/5231ac18-ea9a-4bb9-af9f-e3d95a3b54f1 • CWE-285: Improper Authorization; CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Jul 2022 — The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party. • http://pypi.doubanio.com/simple/request •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Jun 2022 — The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. • https://wpscan.com/vulnerability/4fd2f1ef-39c6-4425-8b4d-1a332dabac8d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •