Description

WordPress Plugin PS PHPCaptcha WP is prone to a Denial of Service vulnerability. Exploiting this issue may allow an attacker to prevent the creation of CAPTCHA, thus denying service to legitimate users. WordPress Plugin PS PHPCaptcha WP version 1.1.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.2.0 or latest

References

https://metamorfosec.com/Files/Advisories/METS-2019-003-Denial_of_Service_in_PS_PHPCaptcha_WP_before_v1.2.0.txt

https://plugins.svn.wordpress.org/ps-phpcaptcha/trunk/README.txt

Related Vulnerabilities

WordPress Plugin Ecommerce-Two Factor Authentication Cross-Site Scripting (1.0.4)

MySQL Improper Input Validation Vulnerability (CVE-2017-3273)

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-26691)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Request Forgery (2.0.6)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3457)

Severity

High

Classification

CVE-2019-7412 CWE-400 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Denial Of Service