CWE-804
Guessable CAPTCHA
Description
The product uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.
CVEs mapped to this weakness (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-40916 | | Cri | 0.59 | 9.1 | 0.00 | | Jun 16, 2025 | Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure. |
| CVE-2026-49953 | | Med | 0.42 | 6.5 | 0.00 | | Jun 15, 2026 | Discuz! X5.0 releases 20260320 through 20260610 contain a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a… |
| CVE-2026-27411 | | Med | 0.35 | 5.4 | 0.00 | | Mar 5, 2026 | Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass. This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9. |
| CVE-2025-70129 | | Med | 0.34 | 5.3 | 0.00 | | Mar 10, 2026 | If the anti-spam captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and… |
| CVE-2024-31295 | | Med | 0.34 | 5.3 | 0.00 | | May 17, 2024 | Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass. This issue affects Captcha by BestWebSoft: from n/a through 5.2.0. |
| CVE-2024-30540 | | Med | 0.34 | 5.3 | 0.00 | | May 17, 2024 | Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functionality Bypass. This issue affects VS Contact Form: from n/a through 14.7. |
| CVE-2023-6963 | | Med | 0.34 | 5.3 | 0.01 | | Feb 5, 2024 | The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting 'g-recaptcha-response' from… |
| CVE-2022-4036 | | Med | 0.34 | 5.3 | 0.00 | | Nov 29, 2022 | The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of an insufficiently strong hashing algorithm on the CAPTCHA secret, which is also displayed to the user via a cookie. |
| CVE-2026-40935 | | Med | 0.27 | 5.3 | 0.00 | | Apr 21, 2026 | WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` accepts the CAPTCHA length (`ql`) directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character… |
| CVE-2025-10423 | | Low | 0.24 | 3.7 | 0.00 | | Sep 15, 2025 | A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in a guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is… |
| CVE-2023-1539 | | — | 0.00 | — | 0.01 | | Mar 21, 2023 | Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6. |