CVE-2025-24628 - Vulnerability Details - OpenCVE

Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00135.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-3829	Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78.

Fixes

Solution

Update the WordPress Google Captcha wordpress plugin to the latest available version (at least 1.79).

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/wordpress/plugin/google-captcha/vulnerability/wordpress-recaptcha-by-bestwebsoft-plugin-1-78-captcha-bypass-vulnerability?_s_id=cve

History

Mon, 27 Jan 2025 14:30:00 +0000

Type	Values Removed	Values Added
Description		Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78.
Title		WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability
Weaknesses		CWE-290
References		https://patchstack.com/database/wordpress/plugin/google-captcha/vulnerability/wordpress-recaptcha-by-bestwebsoft-plugin-1-78-captcha-bypass-vulnerability?_s_id=cve
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2025-01-27T14:22:16.358Z

Updated: 2025-02-12T20:41:34.596Z

Reserved: 2025-01-23T14:51:25.978Z

Link: CVE-2025-24628

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-01-27T15:15:14.923

Modified: 2025-01-27T15:15:14.923

Link: CVE-2025-24628

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24628", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-01-23T14:51:25.978Z", "datePublished": "2025-01-27T14:22:16.358Z", "dateUpdated": "2025-02-12T20:41:34.596Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-01-27T14:22:16.358Z"}, "title": "WordPress reCaptcha by BestWebSoft Plugin <= 1.78 - Captcha Bypass vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-151", "descriptions": [{"lang": "en", "value": "CAPEC-151 Identity Spoofing"}]}], "affected": [{"vendor": "BestWebSoft", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "google-captcha", "product": "Google Captcha", "versions": [{"lessThanOrEqual": "1.78", "status": "affected", "version": "n/a", "versionType": "custom", "changes": [{"at": "1.79", "status": "unaffected"}]}]}], "descriptions": [{"lang": "en", "value": "Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing. This issue affects Google Captcha: from n/a through 1.78.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Authentication Bypass by Spoofing vulnerability in BestWebSoft Google Captcha allows Identity Spoofing.</p><p>This issue affects Google Captcha: from n/a through 1.78.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/google-captcha/vulnerability/wordpress-recaptcha-by-bestwebsoft-plugin-1-78-captcha-bypass-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "version": "3.1"}}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress Google Captcha wordpress plugin to the latest available version (at least 1.79)."}], "value": "Update the WordPress Google Captcha wordpress plugin to the latest available version (at least 1.79)."}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "cod3beat (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24628", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-27T14:59:38.858987Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T20:41:34.596Z"}}]}}