Description
WordPress Plugin SI CAPTCHA Anti-Spam was deliberately modified to inject spam ads (for payday loans and similar) into the WordPress posts of websites running the plugin. Only versions 3.0.1 and 3.0.2 of WordPress Plugin SI CAPTCHA Anti-Spam are affected.
Remediation
Update the plugin to version 3.0.3 or the latest version.
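To find which installs still need the update, the plugin's `Version` header can be read from disk across a web root. This is an added example, not part of the original advisory or the plugin's code; it assumes the standard `wp-content/plugins/<slug>` layout, and the sample tree and the file name `main.php` are constructed for the demonstration.

```python
import os
import re
import tempfile

SLUG = "si-captcha-for-wordpress"  # plugin directory name, taken from the SVN URL in References
AFFECTED = {"3.0.1", "3.0.2"}      # the only versions the advisory lists as affected
# WordPress reads plugin headers from the first 8 KiB of a top-level PHP file.
VERSION_RE = re.compile(rb"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

def plugin_version(plugin_dir):
    """Return the Version header of the plugin's main file, or None if absent."""
    for name in sorted(os.listdir(plugin_dir)):
        if not name.endswith(".php"):
            continue
        with open(os.path.join(plugin_dir, name), "rb") as fh:
            head = fh.read(8192)
        match = VERSION_RE.search(head) if b"Plugin Name:" in head else None
        if match:
            return match.group(1).decode("ascii", "replace")
    return None

def find_installs(root):
    """Return sorted (path, version, status) for every copy of the plugin under root."""
    found = []
    for dirpath, dirnames, _files in os.walk(root):
        if os.path.basename(dirpath) == "plugins" and SLUG in dirnames:
            path = os.path.join(dirpath, SLUG)
            version = plugin_version(path)
            status = ("unknown" if version is None
                      else "affected" if version in AFFECTED else "not affected")
            found.append((path, version, status))
            dirnames.remove(SLUG)  # do not descend into the plugin itself
    return sorted(found)

def demo():
    """Build a constructed web root with three sites and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for site, version in (("a", "3.0.2"), ("b", "3.0.3"), ("c", None)):
            plugin = os.path.join(root, site, "wp-content", "plugins", SLUG)
            os.makedirs(plugin)
            header = "<?php\n/*\nPlugin Name: SI CAPTCHA Anti-Spam\n"
            header += f"Version: {version}\n*/\n" if version else "*/\n"
            with open(os.path.join(plugin, "main.php"), "w") as fh:  # file name is hypothetical
                fh.write(header)
        return [(os.path.relpath(p, root).split(os.sep)[0], v, s)
                for p, v, s in find_installs(root)]

if __name__ == "__main__":
    for site, version, status in demo():
        print(site, version, status)
```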
References
https://wordpress.org/support/topic/where-did-the-plugin-go-2/
https://plugins.svn.wordpress.org/si-captcha-for-wordpress/trunk/readme.txt