Skip to main content

CWE-804

Guessable CAPTCHA

11 CVEs Avg CVSS 5.6 MITRE
0
CRITICAL
1
HIGH
10
MEDIUM
0
LOW
2
POC
0
KEV

Monthly

CVE-2026-49953 MEDIUM POC This Month

CAPTCHA challenge controls in Discuz! X5.0 (releases 20260320-20260501) can be reliably defeated by unauthenticated remote attackers who harvest samples from exposed forum endpoints and train a custom optical character recognition model to predict challenge text. The underlying weakness - CWE-804 - stems from a limited, predictable character set and insufficient visual distortion in generated images, enabling automation of login, registration, and other abuse-protected flows. Critically, a publicly available exploit exists and KarmaInsecurity has documented chaining this bypass with a race condition to achieve full remote code execution, substantially elevating practical risk beyond the standalone CVSS 4.0 score of 6.9.

Authentication Bypass Discuz X5 0
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2026-40935 PHP MEDIUM This Month

WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` accepts the CAPTCHA length (`ql`) directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with a case-insensitive `strcasecmp` comparison over a ~33-character alphabet and the fact that failed validations do NOT consume the stored session token, an attacker can trivially brute-force the CAPTCHA on any endpoint that relies on `Captcha::validation()` (user registration, password recovery, contact form, etc.) in at most ~33 requests per session. Commit bf1c76989e6a9054be4f0eb009d68f0f2464b453 contains a fix.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-70129 MEDIUM This Month

If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. [CVSS 5.3 MEDIUM]

Information Disclosure Pluxml
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27411 MEDIUM This Month

The SiteGuard WP Plugin for WordPress through version 1.7.9 contains a guessable CAPTCHA implementation that allows attackers to bypass security protections without authentication. This vulnerability enables attackers to circumvent the plugin's functionality controls and potentially gain unauthorized access to protected resources or perform actions that should be restricted.

Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-32036 MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-1262 MEDIUM PATCH This Month

The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google WordPress Authentication Bypass Advanced Google Recaptcha PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-31295 MEDIUM This Month

Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-30540 MEDIUM This Month

Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functionality Bypass.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-6963 MEDIUM PATCH This Month

The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Getwid
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-4036 MEDIUM PATCH This Month

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Appointment Hour Booking
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
EPSS 0% CVSS 6.9
MEDIUM POC This Month

CAPTCHA challenge controls in Discuz! X5.0 (releases 20260320-20260501) can be reliably defeated by unauthenticated remote attackers who harvest samples from exposed forum endpoints and train a custom optical character recognition model to predict challenge text. The underlying weakness - CWE-804 - stems from a limited, predictable character set and insufficient visual distortion in generated images, enabling automation of login, registration, and other abuse-protected flows. Critically, a publicly available exploit exists and KarmaInsecurity has documented chaining this bypass with a race condition to achieve full remote code execution, substantially elevating practical risk beyond the standalone CVSS 4.0 score of 6.9.

Authentication Bypass Discuz X5 0
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` accepts the CAPTCHA length (`ql`) directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with a case-insensitive `strcasecmp` comparison over a ~33-character alphabet and the fact that failed validations do NOT consume the stored session token, an attacker can trivially brute-force the CAPTCHA on any endpoint that relies on `Captcha::validation()` (user registration, password recovery, contact form, etc.) in at most ~33 requests per session. Commit bf1c76989e6a9054be4f0eb009d68f0f2464b453 contains a fix.

PHP Information Disclosure
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. [CVSS 5.3 MEDIUM]

Information Disclosure Pluxml
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

The SiteGuard WP Plugin for WordPress through version 1.7.9 contains a guessable CAPTCHA implementation that allows attackers to bypass security protections without authentication. This vulnerability enables attackers to circumvent the plugin's functionality controls and potentially gain unauthorized access to protected resources or perform actions that should be restricted.

Authentication Bypass
NVD
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google WordPress Authentication Bypass +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functionality Bypass.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Getwid
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Appointment Hour Booking
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy