WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Captchinoo, Google recaptcha for admin login page Security Bypass (2.3)

Description

WordPress Plugin Captchinoo, Google recaptcha for admin login page is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently install arbitrary plugins. WordPress Plugin Captchinoo, Google recaptcha for admin login page version 2.3 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.4 or latest

References

https://ithemes.com/wordpress-vulnerability-report-april-2021-part-4/

https://plugins.trac.wordpress.org/changeset/2494594/

Related Vulnerabilities

WordPress Plugin WP Responsive Testimonials Slider And Widget Cross-Site Scripting (1.5)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-31618)

MySQL CVE-2019-2968 Vulnerability (CVE-2019-2968)

WordPress Plugin FV Flowplayer Video Player Cross-Site Scripting (7.5.2.727)

Oracle Database Server CVE-2011-0875 Vulnerability (CVE-2011-0875)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass