cleantalk
Vulnerabilities and Security Researches

Advanced Google reCAPTCHA, CVE-2024-12034

CVE, Research URL

CVE-2024-12034

Home page URL

Security reports for Advanced Google reCAPTCHA

Application

Advanced Google reCAPTCHA

Published on
Dec 24, 2024
Research Description
The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts
Affected versions
max 1.26.
Status
vulnerable
Previous vulnerability researches
Advanced Google reCAPTCHA (CVE-2024-12034) , Dec 25, 2024
Advanced Google reCAPTCHA (CVE-2025-2074) , Apr 02, 2025
Advanced Google reCAPTCHA (CVE-2025-1262) , Feb 28, 2025
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026