CVE-2024-12034

CVSS V2 None CVSS V3 None

Description

The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts

Overview

CVE ID
CVE-2024-12034

Assigner
Wordfence

Vulnerability Status
PUBLISHED

Published Version
2024-12-24T05:23:42.564Z

Last Modified Date
2024-12-24T05:23:42.564Z

Weakness Enumerations

CWE	URL
CWE-340	http://cwe.mitre.org/data/definitions/340.html

References

Reference URL	Reference Tags
https://www.wordfence.com/threat-intel/vulnerabilities/id/0fa7e6f6-92b2-494b-8c7a-76ba8213b610?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3208704%40advanced-google-recaptcha&new=3208704%40advanced-google-recaptcha&sfp_email=&sfph_mail=

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-12034
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12034

History

Created	Old Value	New Value	Data Type	Notes
2024-12-24 13:14:17				Added to TrackCVE