CWE-804

Guessable CAPTCHA

4 CVEs Avg CVSS 5.0 MITRE
0
CRITICAL
0
HIGH
4
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2025-70129 MEDIUM This Month

If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. [CVSS 5.3 MEDIUM]

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-27411 MEDIUM This Month

The SiteGuard WP Plugin for WordPress through version 1.7.9 contains a guessable CAPTCHA implementation that allows attackers to bypass security protections without authentication. This vulnerability enables attackers to circumvent the plugin's functionality controls and potentially gain unauthorized access to protected resources or perform actions that should be restricted.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-32036 MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
CVSS 3.1
4.2
EPSS
0.2%
CVE-2025-1262 MEDIUM PATCH This Month

The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google WordPress Authentication Bypass Advanced Google Recaptcha PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-70129
EPSS 0% CVSS 5.3
MEDIUM This Month

If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. [CVSS 5.3 MEDIUM]

Information Disclosure
NVD GitHub VulDB
CVE-2026-27411
EPSS 0% CVSS 5.3
MEDIUM This Month

The SiteGuard WP Plugin for WordPress through version 1.7.9 contains a guessable CAPTCHA implementation that allows attackers to bypass security protections without authentication. This vulnerability enables attackers to circumvent the plugin's functionality controls and potentially gain unauthorized access to protected resources or perform actions that should be restricted.

Authentication Bypass WordPress
NVD
CVE-2025-32036
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Dotnetnuke
NVD GitHub
CVE-2025-1262
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google WordPress Authentication Bypass +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy