Vulnerabilities and security researches forrecaptcha-jetpack recaptcha-jetpack

Jun 07, 2024

CVE, Research URL: CVE-2024-3941
Home page URL: Security reports for reCAPTCHA Jetpack
Application: reCAPTCHA Jetpack
Date: May 14, 2024
Research Description: The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-3940
Home page URL: Security reports for reCAPTCHA Jetpack
Application: reCAPTCHA Jetpack
Date: May 14, 2024
Research Description: The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Affected versions: Min -, max -.
Status: vulnerable

Apr 11, 2025

CVE, Research URL: CVE-2025-32494
Home page URL: Security reports for reCAPTCHA Jetpack
Application: reCAPTCHA Jetpack
Date: Apr 09, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in bozdoz reCAPTCHA Jetpack allows Cross Site Request Forgery. This issue affects reCAPTCHA Jetpack: from n/a through 0.2.2.
Affected versions: Min -, max -.
Status: vulnerable