vulnerability

WordPress Plugin: advanced-google-recaptcha: CVE-2024-12034: Generation of Predictable Numbers or Identifiers

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Dec 23, 2024	May 15, 2025	May 15, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Dec 23, 2024

Added

May 15, 2025

Modified

May 15, 2025

Description

The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts

Solution

advanced-google-recaptcha-plugin-cve-2024-12034

References

URL-https://www.cve.org/CVERecord?id=CVE-2024-12034
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/0fa7e6f6-92b2-494b-8c7a-76ba8213b610?source=api-prod
CVE-2024-12034
https://attackerkb.com/topics/CVE-2024-12034

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today