Impact
This vulnerability arises from a guessable CAPTCHA implementation within the SiteGuard WP Plugin. An attacker can predict or brute‑force the CAPTCHA value to bypass the plugin’s verification step that protects forms and other features. Based on the description, it is inferred that the bypass could allow unauthorized submissions such as spam comments or malicious content, although the CVE does not explicitly claim it impacts authentication or login processes. The primary impact is functional bypass, granting the attacker the same level of access to the protected features as a legitimate user.
Affected Systems
The SiteGuard WP Plugin, published by jp-secure, is affected in all releases up to and including version 1.7.9. No more specific versioning information is provided by the CNA beyond the upper bound of 1.7.9.
Risk and Exploitability
The CVSS score of 5.3 places this issue in the moderate severity range, and the EPSS score of less than 1% indicates a low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited. Based on the description, the likely attack vector is web-based: an attacker needs only to guess or compute the CAPTCHA value, which requires no authentication. Once bypassed, the attacker can use the plugin’s functional features, potentially enabling spam, unauthorized content submissions, or other indirect damage. The overall risk remains moderate, with exploitation considered rare given the low EPSS score.