CVE-2026-25315

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through = 4.21.1...

CVE-2026-25315

CVE-2026-25315 describes a Missing Authorization vulnerability in the WordPress plugin hCaptcha for WP – hcaptcha-for-forms-and-more, due to incorrectly configured access control. Affected versions are reported as from n/a through 4.21.1 (per CVE/NVD) with CVSSv3.1 base score 5.3 (MEDIUM), reflec...

WordPress hCaptcha plugin <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via cf7-hcaptcha Shortcode vulnerability discovered by haidv35 in WordPress Plugin hCaptcha for WP versions = 4.0.0...

WordPress hCaptcha Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software hCaptcha Type Plugin Vulnerable versions = 4.0.0 Fixed in 4.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4014 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3903916f995b Credits haidv35 Required privilege...