WordPress Plugin Vulnerabilities

Better WordPress reCAPTCHA <= 2.0.3 - Unauthenticated Cross-Site Scripting (XSS)

Description

There is a reflected XSS vulnerability in Better WordPress reCAPTCHA plugin version 2.0.3, and possibly below.

The parameter cerror value is reflected in the page when this plugin is enabled. Once plugin disabled, the "cerror" parameter's value is not reflected in the page anymore.

This is the HTML source code:

<input id="url" name="url" type="url" value="" size="30" maxlength="200" /></p>
<p class="bwp-recaptcha-error error">Unknown error (\"><iMg src=N onerror=alert(9)>). Please contact an administrator for more info.</p>

Proof of Concept

Affects Plugins

Plugin icon
bwp-recaptcha
No known fix

References

URL
https://learn.ituniversity.ro/blog/20273/reflected-xss-wordpress-plugin

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Gabriel Avramescu
Submitter
Gabriel Avramescu
Submitter website
https://www.ituniversity.ro/
Submitter twitter
ituniversityro
Verified
Yes
WPVDB ID
7ac9952c-e4ab-46f4-a7d7-6c083123ca1f

Timeline

Publicly Published
2018-11-07 (about 7 years ago)
Added
2018-11-12 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2023-10-29
Title
Accordion < 2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2024-03-18
Title
SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings
Published
2024-08-29
Title
HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics < 11.1.34 - Authenticated (Contributor+) Stored Cross-Site Scripting via HubSpot Meeting Widget
Published
2024-04-15
Title
Shortcodes and extra features for Phlox theme < 2.15.8 - Contributor+ Stored XSS via aux_gmaps Shortcode
Published
2025-05-30
Title
Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights