cleantalk
Vulnerabilities and Security Researches

Alobaidi Captcha, CVE-2025-8080

CVE, Research URL

CVE-2025-8080

Home page URL

Security reports for Alobaidi Captcha

Application

Alobaidi Captcha

Published on
Aug 15, 2025
Research Description
The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 1.0.3.
Status
vulnerable
Previous vulnerability researches
12 Step Meeting List (CVE-2025-24582) , Jan 26, 2025
12 Step Meeting List (CVE-2025-24580) , Jan 26, 2025
12 Step Meeting List (CVE-2023-46641) , Jun 07, 2024
12 Step Meeting List (CVE-2024-35693) , Jun 10, 2024
12 Step Meeting List (CVE-2025-24583) , Apr 19, 2025
New vulnerability
Inspectlet – User Session Recording and Heatmaps (CVE-2025-49048) , Aug 16, 2025
B Slider – Slider for your block editor (CVE-2025-8676) , Aug 16, 2025
B Slider – Slider for your block editor (CVE-2025-8680) , Aug 16, 2025
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress (CVE-2025-55708) , Aug 16, 2025
WP Voting (CVE-2025-49057) , Aug 16, 2025