VYPR
Medium severity5.3NVD Advisory· Published Mar 10, 2026· Updated Apr 7, 2026

CVE-2025-70129

CVE-2025-70129

Description

If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. The details of captcha challenge are exposed within document body of articles with comments & anti spam-captcha functionalities enabled, including "capcha-letter", "capcha-word" and "capcha-token" which can be used to construct a valid post request to publish a comment. As such, attackers can flood articles with automated spam comments, especially if there are no other web defenses available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Pluxml/Pluxml2 versions
    cpe:2.3:a:pluxml:pluxml:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:pluxml:pluxml:*:*:*:*:*:*:*:*range: <=5.8.22
    • (no CPE)range: <=5.8.22

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.