Description
WordPress Plugin Flexible Captcha is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently bypass the captcha with a modified submission at login. WordPress Plugin Flexible Captcha version 4.0 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 4.0.1 or latest
References
Related Vulnerabilities
WordPress Plugin WordPress Meta Robots SQL Injection (2.1)
WordPress Plugin Raygun4WP Cross-Site Scripting (1.8.0)
WordPress Plugin PWAMP PHP Object Injection (1.0.0)
Moodle Improper Privilege Management Vulnerability (CVE-2023-5549)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17308)