The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.
The product uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Advanced_google_recaptcha | Webfactoryltd | * | 1.2.8 (excluding) |
An automated attacker could bypass the intended protection of the CAPTCHA challenge and perform actions at a higher frequency than humanly possible, such as launching spam attacks. There can be several different causes of a guessable CAPTCHA: