Captcha
Monthly
The Drupal CAPTCHA module contains an authentication bypass vulnerability (CWE-288) that allows attackers to circumvent CAPTCHA protection through an alternate path or channel, enabling functionality bypass. This vulnerability affects CAPTCHA versions 0.0.0 through 1.16.x and 2.0.0 through 2.0.9, allowing attackers to bypass CAPTCHA challenges intended to prevent automated abuse. While no CVSS score or EPSS data is currently available, the presence of an official Drupal security advisory and specific patched versions indicates active remediation efforts by the vendor.
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
The Drupal CAPTCHA module contains an authentication bypass vulnerability (CWE-288) that allows attackers to circumvent CAPTCHA protection through an alternate path or channel, enabling functionality bypass. This vulnerability affects CAPTCHA versions 0.0.0 through 1.16.x and 2.0.0 through 2.0.9, allowing attackers to bypass CAPTCHA challenges intended to prevent automated abuse. While no CVSS score or EPSS data is currently available, the presence of an official Drupal security advisory and specific patched versions indicates active remediation efforts by the vendor.
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.