14 matches found
CVE-2026-4121
The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wpnoncefield and the form processing code...
CVE-2026-4121
The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wpnoncefield and the form processing code...
CVE-2026-4121 Kcaptcha <= 1.0.1 - Cross-Site Request Forgery to Settings Update
The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wpnoncefield and the form processing code...
CVE-2026-4121
The CVE concerns the WordPress Kcaptcha plugin (versions update(), enabling unauthenticated attackers to alter CAPTCHA settings (e.g., enabling/disabling CAPTCHA for login, registration, lost password, and comments) through a forged request if a site admin is tricked into performing an action. Co...
CVE-2026-4121
The Kcaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.1. This is due to missing nonce validation in the plugin's settings page handler admin/setting.php. The settings form does not include a wpnoncefield and the form processing code...
PT-2026-34288
Name of the Vulnerable Software and Affected Versions Kcaptcha versions prior to 1.0.2 Description The Kcaptcha plugin for WordPress is subject to Cross-Site Request Forgery. The issue exists in the settings page handler 'admin/setting.php' because it lacks nonce validation. Specifically, the...
WordPress plugin ZT Captcha has a cross-site request forgeing vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2022-1265
The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
WordPress BulletProof Securitys plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. WordPress BulletProof Securitys plugin versions prior to 6.1 have a cross-site scripting vulnerability that...
CVE-2022-1265
The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
Cross site scripting
The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
WordPress plugin BulletProof Security 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. WordPress BulletProof Securitys plugin versions prior to 6.1 have a cross-site scripting vulnerability that...
CVE-2013-3535
Multiple cross-site scripting XSS vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 adminemail, 2 headertitle, 3 sitetitle parameter to admin/settings; 4 recaptchaprivate or 5 recaptchapublic parameter to admin/captchasettings; 6...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 adminemail, 2 headertitle, 3 sitetitle parameter to admin/settings; 4 recaptchaprivate or 5 recaptchapublic parameter to admin/captchasettings; 6...