CVE-2011-0759

Name of the Vulnerable Software and Affected Versions WP-reCAPTCHA plugin version 2.9.8.2

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the configuration page of the WP-reCAPTCHA plugin for WordPress. These vulnerabilities allow remote attackers to hijack the authentication of administrators for requests, potentially leading to the disabling of the CAPTCHA requirement or the insertion of cross-site scripting (XSS) sequences. The vulnerable parameters include recaptcha opt pubkey, recaptcha opt privkey, re tabindex, error blank, error incorrect, mailhide pub, mailhide priv, mh replace link, and mh replace title.

Recommendations For WP-reCAPTCHA plugin version 2.9.8.2, consider disabling the configuration page or restricting access to it until a patch is available. Avoid using the vulnerable parameters in the configuration page to minimize the risk of exploitation. As a temporary workaround, restrict the ability to disable the CAPTCHA requirement or insert XSS sequences via the configuration page. At the moment, there is no information about a newer version that contains a fix for this vulnerability.