Type: XSS
Exploit version:
Release Date: 2011-03-18
Status: A new version of WP-reCAPTCHA has been released

Gabriel Quadros has discovered a vulnerability in the WP-reCAPTCHA plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to, for example, disable the captcha verification for the registration form or conduct script insertion attacks by tricking an administrator into visiting a malicious web site while logged in to the application.
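The missing validity check described above is what WordPress nonces provide. The following is an added example, not WP-reCAPTCHA's code or its actual fix: a hypothetical settings page (every `example_captcha_*` name and option key is an assumption) that verifies capability and nonce before saving, and escapes the stored value on output.

```php
<?php
/* Plugin Name: Example CAPTCHA Settings (hypothetical, added illustration) */

// Settings page, registered for users with the manage_options capability.
add_action( 'admin_menu', function () {
    add_options_page( 'Example CAPTCHA', 'Example CAPTCHA', 'manage_options',
        'example-captcha', 'example_captcha_render_form' );
} );

function example_captcha_render_form() {
    $opts = get_option( 'example_captcha_options',
        array( 'show_in_registration' => 1, 'error_message' => '' ) );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_captcha_save">
        <?php // Per-user, per-action token that a third-party page cannot read or predict.
        wp_nonce_field( 'example_captcha_save', 'example_captcha_nonce' ); ?>
        <label><input type="checkbox" name="show_in_registration" value="1"
            <?php checked( ! empty( $opts['show_in_registration'] ) ); ?>>
            Require CAPTCHA on registration</label>
        <?php // esc_attr() keeps a stored value from breaking out of the attribute. ?>
        <input type="text" name="error_message"
            value="<?php echo esc_attr( $opts['error_message'] ); ?>">
        <button type="submit">Save</button>
    </form>
    <?php
}

// admin-post.php fires this hook only for logged-in users.
add_action( 'admin_post_example_captcha_save', function () {
    // 1. Authorisation: the session must belong to a user allowed to change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // 2. Request validity: execution stops here unless the POST carries a valid nonce.
    check_admin_referer( 'example_captcha_save', 'example_captcha_nonce' );

    // 3. Sanitise before storing so markup is not persisted through this form.
    $message = isset( $_POST['error_message'] )
        ? sanitize_text_field( wp_unslash( $_POST['error_message'] ) ) : '';
    update_option( 'example_captcha_options', array(
        'show_in_registration' => isset( $_POST['show_in_registration'] ) ? 1 : 0,
        'error_message'        => $message,
    ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-captcha' ) );
    exit;
} );
```

A cross-site request rides on the administrator's session cookie, so the capability check alone passes; the nonce check is what rejects it, because the submitting page cannot obtain the token.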

Plugin Information

  1. Downloaded: 632477 Times
  2. Current Version: 4.1
  3. Author: Profile
  4. Tested up to: 2.9.2

Security Information

  1. Secunia ID: 43771
  2. Credit: Conviso IT Security
  • Plugin statistics provided by WordPress.org. Updated within the last day or so.
  • ¹ Status info requires plugin authors to fill in versioning info on the wordpress.org repository
