Advanced Google reCAPTCHA
Advanced Google reCAPTCHA protects your WordPress site from spam comments & brute force login attacks using captcha. This captcha plugin, quickly adds Google reCAPTCHA and other captcha tests to WordPress comment form, login form, and other forms.
Using Advanced Google reCAPTCHA (most popular captcha on the market), you’ll be safe from spam comments and protect user accounts, WooCommerce, Easy Digital Downloads, BuddyPress and other forms from brute-force login attacks.
reCaptcha works for:
- Login Form
- Registration Form
- Reset Password Form
- Comment Form
- BuddyPress Form
- WooCommerce Form
- Easy Digital Downloads (EDD) Login Form
- Easy Digital Downloads (EDD) Registration Form
Captcha uses these 3rd party libs:
- Chart.js, 2017 Nick Downie, MIT
- DataTables, 2008-2017 SpryMedia Ltd, MIT
- moment.js, Tim Wood, Iskren Chernev, MIT
- SweetAlert 2, github.com/Sweetalert2/Sweetalert2, MIT
- tooltipster, www.heteroclito.fr/modules/tooltipster/, MIT
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 5.3 MEDIUM | — | ||
The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to generic SQL Injection via the ‘sSearch’ parameter in all versions up to, and including, 1.29 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries, particularly when the plugin’s settings page hasn’t been visited and its welcome message has not been dismissed. This issue can be used to extract sensitive information from the database. | |||