PT-2021-16084 · WordPress · Contact Form 7 Captcha

Dc11 · Published 2021-08-23 · Updated 2022-07-28 · CVE-2021-24565

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Contact Form 7 Captcha WordPress plugin, versions prior to 0.0.9

Description: The settings-save handler performs no CSRF (nonce) check, so an attacker can trick a logged-in user holding the manage_options capability into changing the plugin's settings. In addition, the stored settings are not escaped when output inside HTML attributes, which turns the unchecked write into a Stored Cross-Site Scripting issue.

Recommendations: For versions prior to 0.0.9, update to version 0.0.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings page to minimize the risk of exploitation. Avoid using the plugin's settings until the issue is resolved.
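The two defect classes the advisory describes, shown as an added PHP example written for a hypothetical plugin (this is not the Contact Form 7 Captcha plugin's own code): a settings handler with neither a nonce check nor attribute escaping, beside the hardened form built on WordPress's standard nonce, capability, sanitisation and escaping helpers. The option name, field names and text domain are assumptions.

```php
<?php
// Added illustration for a hypothetical plugin "cf7c_demo"; not the code of the
// Contact Form 7 Captcha plugin. Option name, field names and text domain are
// assumptions. Both functions would be registered as an admin settings page.

// --- Vulnerable pattern: no nonce check, no sanitisation, no output escaping ---
function cf7c_demo_vulnerable_page() {
    if ( isset( $_POST['cf7c_label'] ) ) {
        // A cross-site POST issued by a logged-in admin's browser lands here
        // unchallenged (no nonce, no capability check) and is stored raw.
        update_option( 'cf7c_demo_label', $_POST['cf7c_label'] );
    }
    $label = get_option( 'cf7c_demo_label', '' );
    // Unescaped attribute context: a stored value containing a double quote
    // terminates the attribute, so markup persists for every viewer (stored XSS).
    echo '<input type="text" name="cf7c_label" value="' . $label . '">';
}

// --- Hardened pattern: capability + nonce on write, sanitise in, escape out ---
function cf7c_demo_hardened_page() {
    if ( isset( $_POST['cf7c_label'] ) ) {
        // Only users who may manage options are allowed to change settings.
        if ( ! current_user_can( 'manage_options' ) ) {
            wp_die( esc_html__( 'Insufficient permissions.', 'cf7c-demo' ), '', array( 'response' => 403 ) );
        }
        // check_admin_referer() stops the request unless it carries a nonce that
        // is valid for this action and this user, which a forged request lacks.
        check_admin_referer( 'cf7c_demo_save_settings', 'cf7c_demo_nonce' );
        $clean = sanitize_text_field( wp_unslash( $_POST['cf7c_label'] ) );
        update_option( 'cf7c_demo_label', $clean );
    }
    $label = get_option( 'cf7c_demo_label', '' );
    echo '<form method="post">';
    // Emits the hidden nonce (and referer) fields bound to the action above.
    wp_nonce_field( 'cf7c_demo_save_settings', 'cf7c_demo_nonce' );
    // esc_attr() encodes quotes and angle brackets for attribute context, so the
    // stored value can no longer break out of the value="..." attribute.
    echo '<input type="text" name="cf7c_label" value="' . esc_attr( $label ) . '">';
    submit_button();
    echo '</form>';
}
```

A quick review check for this bug class is to confirm every option write sits behind both a capability check and check_admin_referer()/wp_verify_nonce(), and that every echo of stored data uses the escaping function matching its context (esc_attr for attributes, esc_html for text, esc_url for URLs).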

Tags: Exploit · Fix · XSS · CSRF


Weakness Enumeration

Related Identifiers

CVE-2021-24565

Affected Products

Contact Form 7 Captcha