Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-2374

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...

7.2CVSS5.7AI score0.00346EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/28 9:23 a.m.10 views

WordPress Login No Captcha reCAPTCHA plugin <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting vulnerability

Unauthenticated Stored Cross-Site Scripting vulnerability discovered by ISMAILSHADOW in WordPress Plugin Login No Captcha reCAPTCHA versions = 1.8.0...

7.2CVSS5.8AI score0.00346EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:27 a.m.12 views

CVE-2026-2374

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...

7.2CVSS6AI score0.00346EPSS
Exploits0References8
CVE
CVE
added 2026/05/28 3:27 a.m.22 views

CVE-2026-2374

The CVE-2026-2374 entry applies to the Login No Captcha reCAPTCHA WordPress plugin (v &lt;= 1.8.0). The vulnerability is a Stored Cross-Site Scripting (XSS) that occurs because authenticate() stores the unsanitized basename($_SERVER['PHP_SELF']) output in the login_nocaptcha_error WordPress optio...

7.2CVSS6AI score0.00346EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

WordPress plugin Login No Captcha reCAPTCHA 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.7AI score0.00346EPSS
Exploits0References7
Prion
Prion
added 2022/09/16 9:15 a.m.14 views

Design/Logic Flaw

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen...

4.3CVSS4.7AI score0.0057EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/09/16 8:40 a.m.25 views

CVE-2022-2913 Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen...

5AI score0.0057EPSS
Exploits2References1
CVE
CVE
added 2022/09/16 8:40 a.m.68 views

CVE-2022-2913

CVE-2022-2913 affects the Login No Captcha reCAPTCHA WordPress plugin prior to 1.7. Root cause: improper IP check in get_ip_address allows spoofing on the allow list, bypassing the captcha on the login screen. Impact is a login-time bypass (medium risk; CVSS v3.1: 4.3). Remediation: upgrade to ve...

4.3CVSS4.6AI score0.0057EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/09/16 12:0 a.m.4 views

WordPress plugin Login No Captcha reCAPTCHA 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.3CVSS5.1AI score0.0057EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2022/08/22 12:0 a.m.23 views

Login No Captcha reCAPTCHA < 1.7 - IP Check Bypass

The plugin doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen. PoC Set HTTPCLIENTIP, HTTPXFORWARDEDFOR or any other header in LoginNoCaptcha::getipaddress which is then checked against the whitelist an...

4.3CVSS2.2AI score0.0057EPSS
Exploits2Affected Software1
Rows per page
Query Builder