Type: XSS
Exploit version:
Release Date: 2011-03-18
Status: A new version of WP-reCAPTCHA has been released  •

Gabriel Quadros has discovered a vulnerability in the WP-reCAPTCHA plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. disable the captcha verification for the registration form or conduct script insertion attacks by tricking an administrator into visiting a malicious web site while being logged-in to the application.

Plugin Information

  1. Downloaded: 659970 Times
  2. Current Version: 4.1
  3. Author: Profile
  4. Tested up to: 2.9.2
  5. Download Plugin

Security Information

  1. Secunia ID: 43771
  2. Credit: Conviso IT Security
  • Plugin statistics provided by WordPress.org. Updated within the last day or so.
  • ¹ Status info requires plugin author's to fill in versioning info on the wordpress.org repository