CVE-2026-2374

The CVE-2026-2374 entry applies to the Login No Captcha reCAPTCHA WordPress plugin (v <= 1.8.0). The vulnerability is a Stored Cross-Site Scripting (XSS) that occurs because authenticate() stores the unsanitized basename($_SERVER['PHP_SELF']) output in the login_nocaptcha_error WordPress optio...

CVE-2026-2374

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...

WordPress WP reCaptcha by WebDesignBy plugin < 2.0 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Mustafa Ahmed in WordPress Plugin reCaptcha by WebDesignBy versions 2.0...

CVE-2026-4512

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptchajs function. This allows administrators on multisite installations who do not have the unfilteredhtml capability to injec...

CVE-2026-4512

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptchajs function. This allows administrators on multisite installations who do not have the unfilteredhtml capability to injec...

PT-2026-34643

Name of the Vulnerable Software and Affected Versions reCaptcha by WebDesignBy WordPress plugin versions prior to 2.0 Description The plugin fails to sanitize or escape the Site Key setting before it is output within a JavaScript string context through the grecaptcha js function. This allows...

EUVD-2024-32507

Malicious code in bioql PyPI...

CVE-2025-60177

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rozx Recaptcha - wp recaptcha-wp allows Stored XSS.This issue affects Recaptcha - wp: from n/a through = 0.2.6...

WordPress Recaptcha – wp Plugin <= 0.2.6 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Recaptcha wp versions = 0.2.6...

CVE-2025-60177 WordPress Recaptcha – wp Plugin <= 0.2.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rozx Recaptcha – wp recaptcha-wp allows Stored XSS.This issue affects Recaptcha – wp: from n/a through = 0.2.6...

CVE-2025-60177 WordPress Recaptcha – wp Plugin <= 0.2.6 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rozx Recaptcha – wp recaptcha-wp allows Stored XSS.This issue affects Recaptcha – wp: from n/a through = 0.2.6...

CVE-2025-60177

CVE-2025-60177 describes a Stored XSS in the Recaptcha – wp WordPress plugin. Affected: Recaptcha – wp from n/a through 0.2.6. Root cause: improper neutralization of input during web page generation. Impact per CVSS: Confidentiality/Integrity/Availability Low, but attacker requires High privilege...

CVE-2025-8280

The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2025-8280

CVE-2025-8280 concerns the WordPress plugin “Contact Form 7 reCAPTCHA” up to version 1.2.0. It reports a Reflected Cross-Site Scripting (XSS) flaw caused by failure to escape the $_SERVER['REQUEST_URI'] value before echoing it into an HTML attribute. This can allow an attacker to inject arbitrary...

CVE-2025-8280 Contact Form 7 reCAPTCHA <= 1.2.0 - Reflected XSS via $_SERVER['REQUEST_URI']

The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

PT-2025-37295

Name of the Vulnerable Software and Affected Versions: Contact Form 7 reCAPTCHA WordPress plugin versions through 1.2.0 Description: The plugin does not escape the $ SERVER'REQUEST URI' parameter before outputting it, potentially leading to Reflected Cross-Site Scripting in older web browsers...

CVE-2025-23972 WordPress Contact Form 7 reCAPTCHA plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA contact-form-7-recaptcha allows Cross Site Request Forgery.This issue affects Contact Form 7 reCAPTCHA: from n/a through = 1.2.0...

CVE-2025-23972 WordPress Contact Form 7 reCAPTCHA plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Brian S. Reed Contact Form 7 reCAPTCHA contact-form-7-recaptcha allows Cross Site Request Forgery.This issue affects Contact Form 7 reCAPTCHA: from n/a through = 1.2.0...

CVE-2023-28167

Cross-Site Request Forgery CSRF vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin = 1.3.3 versions...

CVE-2022-3831

The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...