Description
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
Remediation
References
Related Vulnerabilities
WordPress Plugin YITH Pre-Order for WooCommerce Security Bypass (1.1.9)
PHP Integer Overflow or Wraparound Vulnerability (CVE-2022-37454)
WordPress Plugin WP Fastest Cache Arbitrary File Deletion (0.8.9.0)
WordPress Plugin Photoracer Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.0)