Cross-Site Request Forgery in Blue Captcha Plugin for WordPress
CVE-2026-10552
4.3MEDIUM
What is CVE-2026-10552?
The Blue Captcha plugin for WordPress has a vulnerability allowing Cross-Site Request Forgery due to insufficient nonce validation in its main admin panel and other critical subpages. An attacker can exploit this weakness to execute destructive operations such as uninstalling the plugin or deleting essential logs and data, all by tricking an administrator into interacting with a malicious link. Without proper nonce checks, unauthorized users can manipulate actions like banning IP addresses, posing significant risks to site security.
Affected Version(s)
Blue Captcha 0 <= 2.0.1