Description
The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27. This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.
Published: 2025-02-25
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: CAPTCHA Bypass allowing automated form submission and potential spam or brute‑force attacks
Action: Update Plugin
AI Analysis

Impact

The Advanced Google reCaptcha plugin for WordPress is vulnerable to a CAPTCHA bypass in its Built‑in Math Captcha verification. With this flaw, unauthenticated attackers can submit forms or perform automated actions without completing the mathematical challenge, potentially facilitating spam, credential stuffing, or brute‑force attempts. The weakness is a classic input validation problem, classified as CWE‑804.

Affected Systems

The vulnerability affects the webfactory:Advanced Google reCAPTCHA WordPress plugin in all releases up to and including version 1.27. Users operating any of those releases are impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation at present. The flaw is not listed in CISA’s KEV catalog. Exploitation requires only unauthenticated access to a site that uses the Math Captcha, so the flaw is reachable remotely over HTTP/HTTPS. While immediate life‑threatening risk is low, attackers could use it to automate malicious submissions.

Generated by OpenCVE AI on April 20, 2026 at 23:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Advanced Google reCaptcha plugin to version 1.28 or later
  • If an upgrade is not possible, disable the Math Captcha feature or remove the plugin entirely
  • Implement web‑application firewall rules to detect and block known bypass patterns and monitor for abnormal form submission activity



Advisories

Source: EUVD
ID: EUVD-2025-5445
Title: The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27. This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.

History

Fri, 28 Feb 2025 02:00:00 +0000

Values added:

  • First Time appeared: Webfactoryltd; Webfactoryltd advanced Google Recaptcha
  • Weaknesses: NVD-CWE-Other
  • CPEs: cpe:2.3:a:webfactoryltd:advanced_google_recaptcha:*:*:*:*:*:wordpress:*:*
  • Vendors & Products: Webfactoryltd; Webfactoryltd advanced Google Recaptcha

Tue, 25 Feb 2025 15:15:00 +0000

Values added:

  • Metrics (ssvc): {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 25 Feb 2025 13:00:00 +0000

Values added:

  • Description: The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27. This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.
  • Title: Advanced Google reCaptcha <= 1.27 - Built-in Math CAPTCHA Bypass
  • Weaknesses: CWE-804
  • References
  • Metrics (cvssV3_1): {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:26:05.522Z

Reserved: 2025-02-12T20:41:36.966Z

Link: CVE-2025-1262

Vulnrichment

Updated: 2025-02-25T14:32:27.755Z

NVD

Status: Analyzed

Published: 2025-02-25T13:15:10.077

Modified: 2025-02-28T01:30:32.830

Link: CVE-2025-1262

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T00:00:13Z

Weaknesses