The Login No Captcha reCAPTCHA plugin for WordPress is not secure enough in versions up to 1.6.11. This is because it relies on user-supplied IP addresses from an HTTP Header to decide which users should be able to bypass the CAPTCHA (a type of security measure). If an attacker can get hold of one of these whitelisted IP addresses
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
