The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Bozdoz
  • Recaptcha Jetpack

Configuration 1 [-]

cpe:2.3:a:bozdoz:recaptcha_jetpack:*:*:*:*:*:wordpress:*:*

No data.

References
Link Providers
https://wpscan.com/vulnerability/bb0245e5-8e94-4f11-9003-d6208945056c/ cve-icon cve-icon
History

Mon, 05 May 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Bozdoz
Bozdoz recaptcha Jetpack
Weaknesses CWE-352
CPEs cpe:2.3:a:bozdoz:recaptcha_jetpack:*:*:*:*:*:wordpress:*:*
Vendors & Products Bozdoz
Bozdoz recaptcha Jetpack

Mon, 24 Mar 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-05-10T06:00:02.589Z

Updated: 2025-03-24T16:30:46.012Z

Reserved: 2024-04-17T21:51:46.052Z

Link: CVE-2024-3940

cve-icon Vulnrichment

Updated: 2024-08-01T20:26:57.211Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-14T15:42:36.773

Modified: 2025-05-05T17:08:57.070

Link: CVE-2024-3940

cve-icon Redhat

No data.