PT-2026-1592 · WordPress · Recaptcha Wordpress Plugin

Published: 2026-01-07 · Updated: 2026-01-07 · CVE-2025-13520

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions
MTCaptcha WordPress Plugin versions prior to 2.7.3

Description
The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the settings update functionality. An unauthenticated attacker could potentially update plugin settings, including sensitive values like the private key, by tricking a site administrator into performing an action. The attack requires the administrator to click a malicious link.

Recommendations
Update the MTCaptcha WordPress Plugin to version 2.7.3 or later.
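
The class of check the description says is missing or incorrect, shown as an added example that is not the MTCaptcha plugin's code: a WordPress settings handler that verifies both the administrator's capability and a nonce before writing options. Every example_captcha_* name (action, nonce field, option, page slug) is hypothetical.

```php
<?php
// Added illustration; not taken from the MTCaptcha plugin.
// All example_captcha_* names are hypothetical.

// Render the settings form with a nonce tied to this action and the current user.
function example_captcha_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_captcha_save" />
        <?php wp_nonce_field( 'example_captcha_save', 'example_captcha_nonce' ); ?>
        <input type="text" name="example_captcha_private_key" value="" autocomplete="off" />
        <?php submit_button(); ?>
    </form>
    <?php
}

// Registered only for logged-in users: no admin_post_nopriv_ hook is added.
add_action( 'admin_post_example_captcha_save', 'example_captcha_save_settings' );

function example_captcha_save_settings() {
    // Authorization: only users who can manage options may change the keys.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // CSRF check: terminates the request unless it carries a valid nonce
    // for this action. A request forged from another site cannot supply one.
    check_admin_referer( 'example_captcha_save', 'example_captcha_nonce' );

    if ( isset( $_POST['example_captcha_private_key'] ) ) {
        $key = sanitize_text_field( wp_unslash( $_POST['example_captcha_private_key'] ) );
        update_option( 'example_captcha_private_key', $key );
    }

    wp_safe_redirect( admin_url( 'options-general.php?page=example-captcha&updated=1' ) );
    exit;
}
```

The capability check alone does not stop CSRF, because the forged request rides on the administrator's own session; the nonce check is what rejects it.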

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2025-13520

Affected Products: Recaptcha Wordpress Plugin