WordPress reCAPTCHA Plugin has an XSS Vulnerability

November 8, 2022
3:25 pm

A vulnerability has been identified in the WordPress reCAPTCHA plugin, which protects WordPress website forms from spam/robot logins, that could allow threat actors to perform XSS (Cross-Site Scripting) attacks on affected installations.

The security vulnerability with code CVE-2022-3831 affects the “unfiltered_html” component and is caused by insufficient cleaning of user-supplied data. Exploiting the vulnerability requires administrative privileges.

The vulnerability, assessed as medium critical, affects all versions of WordPress reCAPTCHA 1.6 and earlier. The plugin has been removed from the WordPress market since November 2, 2022, and no current version fixes the vulnerability. In this context, it is recommended that users using the plugin in WordPress installations immediately disable or remove it to avoid being affected by the vulnerability.

WordPress reCAPTCHA Plugin has an XSS Vulnerability

Share This:

Channel Partners

Become A Partner

Partner Portal Login

The Bridge Partner Program

Blog

Customer Stories

Datasheets

e-Books

Events

Glossary

Threat Intelligence Researches

Reports

Security News

Infographics

Whitepapers

Explore Our Ransomware Threats Report

Platform Overview

Brand Protection

Exposure Management

Cyber Threat Intelligence

Supply Chain Security

Technology Integrations

CONTACT US

About Us

Careers

News

Awards

Logos & Press Kit

Threat Intelligence Services

Brand Monitoring

Fraud Protection

VIP Security

Vulnerability Intelligence

Attack Surface Management

Preventing Data Leakage

Phishing Monitoring

Account Takeover Detection

Stolen Credit Cards

Dark Web Monitoring

Remediation and Takedown