WordPress Plugin Vulnerabilities

Advanced Google reCAPTCHA < 1.26 - Brute Force Protection IP Unblock

Description

The plugin is vulnerable to IP unblocking due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts

Affects Plugins

Plugin icon
advanced-google-recaptcha
Fixed in 1.26

References

CVE
CVE-2024-12034
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0fa7e6f6-92b2-494b-8c7a-76ba8213b610

Miscellaneous

Original Researcher
Max Boll (_b0lli)
Verified
No
WPVDB ID
983a35a3-41c6-4229-b4a6-1d205a9cd3d7

Timeline

Publicly Published
2024-12-23 (about 1 year ago)
Added
2025-01-13 (about 1 year ago)
Last Updated
2025-01-13 (about 1 year ago)

Other

Published
Title
Published
2015-03-08
Title
Download Monitor < 1.6.4 - Authenticated Directory Listing
Published
2019-09-21
Title
DELUCKS SEO <= 2.1.7 - Unauthenticated Options Update
Published
2022-11-09
Title
Better Messages < 1.9.10.71 - Subscriber+ Messaging Block Bypass
Published
2025-09-25
Title
Banhammer < 3.4.9 - Unauthenticated Protection Mechanism Bypass
Published
2017-01-26
Title
WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users