Vulnerability in ReCaptcha Integration for WordPress Plugin Could Lead to Cross-Site Scripting
CVE-2024-8739

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Recaptcha Integration For WordPress
Vendor: CVE Published:; 2 November 2024

What is CVE-2024-8739?

The ReCaptcha Integration for WordPress plugin is susceptible to Reflected Cross-Site Scripting (XSS) due to inadequate escaping of the URL in the add_query_arg function. Instances of this vulnerability exist in all versions up to and including 1.2.5. This flaw allows attackers without authentication to inject malicious web scripts into web pages, which can be executed if a user is manipulated into taking a specific action, such as clicking a link. This vulnerability has significant implications for user security and data integrity on affected WordPress sites.

Affected Version(s)

ReCaptcha Integration for WordPress * <= 1.2.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-recaptcha-i...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 2, 2024

Credit

Dale Mavers