CVE-2026-25315

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through = 4.21.1...

CVE-2026-25315

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through = 4.21.1...

CVE-2026-25315 WordPress hCaptcha for WP plugin <= 4.21.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through = 4.21.1...

CVE-2026-25315

Improperly implemented security check vulnerability in KAGG hCaptcha for WP allows CAPTCHA Functionality Bypass.This issue affects hCaptcha for WP: from n/a through 4.21.1. The vulnerability is limited to the CAPTCHA mechanism intended to protect a publicly accessible form from automated abuse. I...

CVE-2026-25315 WordPress hCaptcha for WP plugin <= 4.21.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through = 4.21.1...

CVE-2026-25315

CVE-2026-25315 describes a Missing Authorization vulnerability in the WordPress plugin hCaptcha for WP – hcaptcha-for-forms-and-more, due to incorrectly configured access control. Affected versions are reported as from n/a through 4.21.1 (per CVE/NVD) with CVSSv3.1 base score 5.3 (MEDIUM), reflec...

PT-2026-20686

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through = 4.22.0...

WordPress plugin hCaptcha for WP 安全特征问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

WordPress hCaptcha for WP plugin <= 4.22.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by suyoung kim AhnLab in WordPress Plugin hCaptcha for WP versions = 4.22.0...

CVE-2025-10732

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...

CVE-2025-10732

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...

EUVD-2025-34138

The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...

EUVD-2024-32580

Malicious code in bioql PyPI...

EUVD-2023-2251

Malicious code in bioql PyPI...

CVE-2024-4014

The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-41100

An issue was discovered in the hcaptcha aka hCaptcha for EXT:form extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check...

WordPress hCaptcha plugin <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via cf7-hcaptcha Shortcode vulnerability discovered by haidv35 in WordPress Plugin hCaptcha for WP versions = 4.0.0...

WordPress hCaptcha Plugin <= 4.0.0 is vulnerable to Cross Site Scripting (XSS)

Software hCaptcha Type Plugin Vulnerable versions = 4.0.0 Fixed in 4.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4014 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 3903916f995b Credits haidv35 Required privilege...

CVE-2024-4014

The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-4014 hCaptcha for WordPress <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7-hcaptcha Shortcode

The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...