WordPress Plugin Vulnerabilities

Advanced Google reCaptcha < 1.28 - Built-in Math CAPTCHA Bypass

Description

The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.

Affects Plugins

Plugin icon
advanced-google-recaptcha
Fixed in 1.28

References

CVE
CVE-2025-1262
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d553aab2-d441-46d6-9c01-5dcfdc48674f

Miscellaneous

Original Researcher
Max Boll (_b0lli)
Verified
No
WPVDB ID
1a5fd198-e9b9-4622-a3de-f5feec88a82b

Timeline

Publicly Published
2025-02-24 (about 1 year ago)
Added
2025-02-26 (about 1 year ago)
Last Updated
2025-02-26 (about 1 year ago)

Other

Published
Title
Published
2018-12-13
Title
WordPress <= 5.0 - Authenticated File Delete
Published
2024-03-25
Title
Essential Addons for Elementor < 5.9.12 - Contributor+ Stored XSS
Published
2014-08-01
Title
Awake 3.3 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download
Published
2023-05-30
Title
Blog-in-Blog <= 1.1.1 - Editor+ Stored Cross-Site Scripting via Shortcode
Published
2014-08-01
Title
Acumbamail 1.0.4 - acumbamail.class.php callAPI() Function MitM Information Disclosure