PT-2026-34643 · Webdesignby · Recaptcha
Mustafa Ahmed · Published 2026-04-23 · Updated 2026-05-06 · CVE-2026-4512
CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
reCaptcha by WebDesignBy WordPress plugin versions prior to 2.0
Description
The plugin fails to sanitize or escape the Site Key setting before it is output within a JavaScript string context through the grecaptcha_js() function. This allows administrators on multisite installations who lack the unfiltered_html capability to inject arbitrary JavaScript that executes for all visitors to the WordPress login page.
Recommendations
Update the plugin to version 2.0 or later.
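The bug class described above, shown as an added example; this is not the plugin's code. The function names render_unsafe, render_hardened and sanitize_site_key, the variable rcSiteKey, the sample value and the key allowlist pattern are all assumptions made for illustration. Inside WordPress the output step would normally use wp_json_encode() or esc_js(), and the validation would be attached as the setting's sanitize_callback.

```php
<?php
// Added example: constructed code, not taken from the plugin.

// Vulnerable pattern: the stored setting is concatenated directly into a
// JavaScript string literal, so a quote in the value ends the literal.
function render_unsafe(string $siteKey): string {
    return "<script>var rcSiteKey = '" . $siteKey . "';</script>";
}

// Hardened output: encode for the JavaScript context. The JSON_HEX_* flags
// escape <, >, &, ' and " as \uXXXX sequences, so the value can neither
// close the string literal nor close the surrounding <script> element.
function render_hardened(string $siteKey): string {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json = json_encode($siteKey, $flags);
    if ($json === false) {
        // Invalid UTF-8 or similar: emit an empty string rather than raw input.
        $json = '""';
    }
    return '<script>var rcSiteKey = ' . $json . ';</script>';
}

// Defence in depth when the setting is saved: allowlist validation.
// The pattern is an assumed key format (URL-safe characters, bounded length).
function sanitize_site_key(string $input): string {
    $input = trim($input);
    return preg_match('/^[A-Za-z0-9_-]{20,100}$/', $input) === 1 ? $input : '';
}

// Constructed sample value containing a quote that ends the string literal.
$stored = "abc';window.injected=true;//";

echo render_unsafe($stored), PHP_EOL;     // value breaks out of the literal
echo render_hardened($stored), PHP_EOL;   // value stays inside one JS string
var_dump(sanitize_site_key($stored));     // rejected by the allowlist
```

Validation on save and encoding on output are independent controls: the encoding step still matters for values already stored before validation was introduced.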
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Recaptcha