The WP Shieldon WordPress plugin, versions 1.6.3 and below, was vulnerable to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page was shown. This was due to $_SERVER['REQUEST_URI'] being echoed to the page without any encoding.
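The unencoded echo described above, next to an encoded form, as an added example (not the plugin's code, which this page does not show). It assumes the URI is written into a form `action` attribute; the function names and the sample URI are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the CAPTCHA page template. Assumption: the
// request URI is placed in the action attribute of the CAPTCHA form.

/** Vulnerable pattern: the raw request URI is concatenated into the HTML. */
function render_captcha_form_unsafe(string $requestUri): string
{
    return '<form method="post" action="' . $requestUri . '">'
         . '<input type="submit" value="Verify"></form>';
}

/** Hardened pattern: encode for the HTML attribute context at output time. */
function render_captcha_form_safe(string $requestUri): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of making the whole result an empty string.
    // Inside WordPress, esc_url() or esc_attr() serve the same purpose.
    $encoded = htmlspecialchars($requestUri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<form method="post" action="' . $encoded . '">'
         . '<input type="submit" value="Verify"></form>';
}

/**
 * Regression check: the rendered page must be exactly the expected markup,
 * with an action value that contains no quote or angle bracket.
 */
function form_markup_is_intact(string $html): bool
{
    $expected = '/^<form method="post" action="[^"<>]*">'
              . '<input type="submit" value="Verify"><\/form>$/';

    return preg_match($expected, $html) === 1;
}

// Constructed sample input: a URI containing characters that are
// significant in HTML (double quote, angle brackets, ampersand, single quote).
$sampleUri = '/captcha?q="<>&\'';

foreach (['unsafe' => 'render_captcha_form_unsafe', 'safe' => 'render_captcha_form_safe'] as $label => $render) {
    $html = $render($sampleUri);
    printf("%-6s intact=%s\n       %s\n", $label, var_export(form_markup_is_intact($html), true), $html);
}
```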
Proof of Concept
No known fix
2021-01-18
2021-01-25
2021-01-29