Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin PS PHPCaptcha WP Denial of Service (1.1.0)

Description

WordPress Plugin PS PHPCaptcha WP is prone to a Denial of Service vulnerability. Exploiting this issue may allow an attacker to prevent the creation of CAPTCHA, thus denying service to legitimate users. WordPress Plugin PS PHPCaptcha WP version 1.1.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.2.0 or latest

References

https://metamorfosec.com/Files/Advisories/METS-2019-003-Denial_of_Service_in_PS_PHPCaptcha_WP_before_v1.2.0.txt

https://plugins.svn.wordpress.org/ps-phpcaptcha/trunk/README.txt

Related Vulnerabilities

WordPress 4.6.x Denial of Service Vulnerability (4.6 - 4.6.10)

MySQL CVE-2017-10320 Vulnerability (CVE-2017-10320)

WordPress Plugin Shareaholic-share buttons, related posts, social analytics & more Cross-Site Request Forgery (7.0.3.3)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-25689)

WordPress Plugin Easy Digital Downloads-Simple eCommerce for Selling Digital Files Security Bypass (2.9.16)

Severity

High

Classification

CVE-2019-7412 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Denial Of Service