Skip to main content

Captcha

4 CVEs product

Monthly

CVE-2026-3214 PHP MEDIUM PATCH This Month

The Drupal CAPTCHA module contains an authentication bypass vulnerability (CWE-288) that allows attackers to circumvent CAPTCHA protection through an alternate path or channel, enabling functionality bypass. This vulnerability affects CAPTCHA versions 0.0.0 through 1.16.x and 2.0.0 through 2.0.9, allowing attackers to bypass CAPTCHA challenges intended to prevent automated abuse. While no CVSS score or EPSS data is currently available, the presence of an official Drupal security advisory and specific patched versions indicates active remediation efforts by the vendor.

Authentication Bypass Captcha
NVD VulDB HeroDevs
CVSS 3.1
6.5
EPSS
0.0%
CVE-2017-2171 MEDIUM This Month

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Captcha Car Rental Contact Form +48
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-9283 MEDIUM This Month

The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Captcha
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2012-2914 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Captcha
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.9%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The Drupal CAPTCHA module contains an authentication bypass vulnerability (CWE-288) that allows attackers to circumvent CAPTCHA protection through an alternate path or channel, enabling functionality bypass. This vulnerability affects CAPTCHA versions 0.0.0 through 1.16.x and 2.0.0 through 2.0.9, allowing attackers to bypass CAPTCHA challenges intended to prevent automated abuse. While no CVSS score or EPSS data is currently available, the presence of an official Drupal security advisory and specific patched versions indicates active remediation efforts by the vendor.

Authentication Bypass Captcha
NVD VulDB HeroDevs
EPSS 0% CVSS 6.1
MEDIUM This Month

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Captcha +50
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Captcha
NVD
EPSS 2% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Captcha
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy