Description

WordPress Plugin Enmask Captcha is prone to malicious redirects. Attackers may leverage this issue to promote spam, distribute malware/backdoors, or to perform all kinds of malicious activities. WordPress Plugin Enmask Captcha version 1.3 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://blog.sucuri.net/2017/08/expired-domain-wordpress-plugin-redirects.html

http://labs.sucuri.net/?note=2017-06-20

Related Vulnerabilities

WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Cross-Site Scripting (1.05)

WordPress Plugin WordPress Users 'uid' Parameter SQL Injection (1.3)

WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Vulnerabilities (3.6.3)

WordPress Plugin Easy Banners Cross-Site Scripting (1.4)

WordPress Plugin Simple Sitemap-Create a Responsive HTML Sitemap Unspecified Vulnerability (1.53)

Severity

High

Classification

CWE-601 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Tags

Missing Update