Vulnerabilities > CVE-2025-1262 - Guessable CAPTCHA vulnerability in Webfactoryltd Advanced Google Recaptcha

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

webfactoryltd

CWE-804

NVD

Published: 2025-02-25

Updated: 2025-02-28

Summary

The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.

Vulnerable Configurations

Part	Description	Count
Application	Webfactoryltd Webfactoryltd Advanced Google Recaptcha *	1

Common Weakness Enumeration (CWE)

CWE-804 - Guessable CAPTCHA

References

https://plugins.trac.wordpress.org/changeset/3244677/advanced-google-recaptcha
https://www.wordfence.com/threat-intel/vulnerabilities/id/d553aab2-d441-46d6-9c01-5dcfdc48674f?source=cve