CVE-2026-1369 Conditional CAPTCHA <= 4.0.0 - Open Redirect

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue...

CVE-2026-1075

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the saveztcptcaptchasettings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

CVE-2026-1075 ZT Captcha <= 1.0.4 - Cross-Site Request Forgery to Settings Update

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the saveztcptcaptchasettings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

CVE-2026-1075

CVE-2026-1075 – ZT Captcha (WordPress) : The WordPress plugin is vulnerable to Cross-Site Forgery (CSRF) in all versions up to 1.0.4 due to improper nonce validation on the save_ztcpt_captcha_settings action. This allows unauthenticated attackers to modify plugin settings via a forged request if ...

EUVD-2021-11477

Malware in sbrugna...

EUVD-2008-0218

Malware in sbrugna...

EUVD-2023-50944

Malicious code in bioql PyPI...

EUVD-2022-34471

Malicious code in bioql PyPI...

EUVD-2023-50453

Malicious code in bioql PyPI...

EUVD-2023-48595

Malicious code in bioql PyPI...

EUVD-2024-49893

Malicious code in bioql PyPI...

CVE-2024-9375

The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject...

CVE-2023-33312

Unauth. Reflected Cross-Site Scripting XSS vulnerability in wppal Easy Captcha plugin = 1.0 versions...

CVE-2023-44236

Cross-Site Request Forgery CSRF vulnerability in Devnath verma WP Captcha plugin = 2.0.0 versions...

CVE-2022-2187

The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

WordPress Blue Captcha plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Blue Captcha plugin has a cross-site scripting vulnerability, the vulnerability stems from the lack...

CVE-2024-9375

The WordPress Captcha Plugin by Captcha Bank plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.0.36. This makes it possible for unauthenticated attackers to inject...

PT-2024-39603 · Captcha Bank · Wordpress Captcha Plugin

Name of the Vulnerable Software and Affected Versions: WordPress Captcha Plugin by Captcha Bank versions up to, and including, 4.0.36 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escaping on the URL. This allows...

WordPress Contact Form 7 Math Captcha Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Contact Form 7 Math Captcha Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6517 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1067711fa4c4 Credits...

CVE-2023-46210

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in WebCource WC Captcha plugin = 1.4 versions...