The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Bozdoz |
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-32507 | The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 05 May 2025 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Bozdoz
Bozdoz recaptcha Jetpack |
|
| Weaknesses | CWE-352 | |
| CPEs | cpe:2.3:a:bozdoz:recaptcha_jetpack:*:*:*:*:*:wordpress:*:* | |
| Vendors & Products |
Bozdoz
Bozdoz recaptcha Jetpack |
Mon, 24 Mar 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2025-03-24T16:30:46.012Z
Reserved: 2024-04-17T21:51:46.052Z
Link: CVE-2024-3940
Vulnrichment
Updated: 2024-08-01T20:26:57.211Z
NVD
Status : Analyzed
Published: 2024-05-14T15:42:36.773
Modified: 2025-05-05T17:08:57.070
Link: CVE-2024-3940
Redhat
No data.
OpenCVE Enrichment
No data.