CWE-804
AllowedGuessable CAPTCHA
Abstraction: Base · Status: Incomplete
The product uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.
24 vulnerabilities reference this CWE, most recent first.
CVE-2023-6963 (GCVE-0-2023-6963)
Vulnerability from cvelistv5 – Published: 2024-02-05 21:22 – Updated: 2026-04-08 17:25- CWE-804 - Guessable CAPTCHA
| Vendor | Product | Version | |
|---|---|---|---|
| jetmonsters | Getwid – Gutenberg Blocks |
Affected:
0 , ≤ 2.0.4
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6963",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-06T16:38:49.003534Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:34.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:06.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3022982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Getwid \u2013 Gutenberg Blocks",
"vendor": "jetmonsters",
"versions": [
{
"lessThanOrEqual": "2.0.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lucio S\u00e1"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block by omitting \u0027g-recaptcha-response\u0027 from the \u0027data\u0027 array."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-804",
"description": "CWE-804 Guessable CAPTCHA",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:25:28.890Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d317f2c7-06f3-4875-9f9b-eb7f450aa2f4?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3022982"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-19T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2024-01-17T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Getwid \u2013 Gutenberg Blocks \u003c= 2.0.4 - Captcha Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-6963",
"datePublished": "2024-02-05T21:22:02.318Z",
"dateReserved": "2023-12-19T20:14:55.515Z",
"dateUpdated": "2026-04-08T17:25:28.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-4036 (GCVE-0-2022-4036)
Vulnerability from cvelistv5 – Published: 2022-11-29 20:34 – Updated: 2026-04-08 17:33- CWE-804 - Guessable CAPTCHA
| Vendor | Product | Version | |
|---|---|---|---|
| codepeople | Appointment Hour Booking – Booking Calendar |
Affected:
0 , ≤ 1.3.72
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2803896%40appointment-hour-booking\u0026new=2803896%40appointment-hour-booking\u0026sfp_email=\u0026sfph_mail="
},
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4036"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4036",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-23T21:18:48.319483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-23T21:18:54.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Appointment Hour Booking \u2013 Booking Calendar",
"vendor": "codepeople",
"versions": [
{
"lessThanOrEqual": "1.3.72",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Greeb"
},
{
"lang": "en",
"type": "finder",
"value": "Andreas Kr\u00fcger"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-804",
"description": "CWE-804 Guessable CAPTCHA",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:33:29.365Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f62d28bd-fa33-4f0b-a116-5aacc05bfa3a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2803896%40appointment-hour-booking\u0026new=2803896%40appointment-hour-booking\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4036"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-11-29T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Appointment Hour Booking \u003c= 1.3.72 - CAPTCHA Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-4036",
"datePublished": "2022-11-29T20:34:59.668Z",
"dateReserved": "2022-11-16T18:38:10.160Z",
"dateUpdated": "2026-04-08T17:33:29.365Z",
"requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1801 (GCVE-0-2022-1801)
Vulnerability from cvelistv5 – Published: 2022-06-20 10:25 – Updated: 2024-08-03 00:16- CWE-804 - Guessable CAPTCHA
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/a5c97809-2ffc-4e… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| Unknown | Very Simple Contact Form |
Affected:
11.6 , < 11.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Very Simple Contact Form",
"vendor": "Unknown",
"versions": [
{
"lessThan": "11.6",
"status": "affected",
"version": "11.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sebastian Cruz Cardona"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-804",
"description": "CWE-804 Guessable CAPTCHA",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T10:25:58.000Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Very Simple Contact Form \u003c 11.6 - Captcha bypass",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1801",
"STATE": "PUBLIC",
"TITLE": "Very Simple Contact Form \u003c 11.6 - Captcha bypass"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Very Simple Contact Form",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "11.6",
"version_value": "11.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sebastian Cruz Cardona"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-804 Guessable CAPTCHA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1801",
"datePublished": "2022-06-20T10:25:59.000Z",
"dateReserved": "2022-05-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:16:59.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-28M7-2RMV-HWQR
Vulnerability from github – Published: 2026-03-05 06:30 – Updated: 2026-03-09 18:31Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9.
{
"affected": [],
"aliases": [
"CVE-2026-27411"
],
"database_specific": {
"cwe_ids": [
"CWE-804"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-05T06:16:29Z",
"severity": "MODERATE"
},
"details": "Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through \u003c= 1.7.9.",
"id": "GHSA-28m7-2rmv-hwqr",
"modified": "2026-03-09T18:31:38Z",
"published": "2026-03-05T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27411"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/siteguard/vulnerability/wordpress-siteguard-wp-plugin-plugin-1-7-9-captcha-bypass-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-4639-47CP-327M
Vulnerability from github – Published: 2026-03-10 21:32 – Updated: 2026-03-11 15:31If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. The details of captcha challenge are exposed within document body of articles with comments & anti spam-captcha functionalities enabled, including "capcha-letter", "capcha-word" and "capcha-token" which can be used to construct a valid post request to publish a comment. As such, attackers can flood articles with automated spam comments, especially if there are no other web defenses available.
{
"affected": [],
"aliases": [
"CVE-2025-70129"
],
"database_specific": {
"cwe_ids": [
"CWE-804"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-10T20:16:20Z",
"severity": "MODERATE"
},
"details": "If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. The details of captcha challenge are exposed within document body of articles with comments \u0026 anti spam-captcha functionalities enabled, including \"capcha-letter\", \"capcha-word\" and \"capcha-token\" which can be used to construct a valid post request to publish a comment. As such, attackers can flood articles with automated spam comments, especially if there are no other web defenses available.",
"id": "GHSA-4639-47cp-327m",
"modified": "2026-03-11T15:31:46Z",
"published": "2026-03-10T21:32:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70129"
},
{
"type": "WEB",
"url": "https://github.com/forest4x/vuln-research-public/blob/main/CVE-2025-70129.pdf"
},
{
"type": "WEB",
"url": "https://youtu.be/dD2olE4yMqY"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5CWM-9HM2-R3CF
Vulnerability from github – Published: 2022-11-29 21:30 – Updated: 2026-04-08 21:31The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.
{
"affected": [],
"aliases": [
"CVE-2022-4036"
],
"database_specific": {
"cwe_ids": [
"CWE-326",
"CWE-804",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-29T21:15:00Z",
"severity": "MODERATE"
},
"details": "The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to the user via a cookie.",
"id": "GHSA-5cwm-9hm2-r3cf",
"modified": "2026-04-08T21:31:45Z",
"published": "2022-11-29T21:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4036"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2803896%40appointment-hour-booking\u0026new=2803896%40appointment-hour-booking\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f62d28bd-fa33-4f0b-a116-5aacc05bfa3a?source=cve"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-4036"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-6589-39CQ-P9HW
Vulnerability from github – Published: 2024-05-17 09:31 – Updated: 2024-05-17 09:31Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass.This issue affects Captcha by BestWebSoft: from n/a through 5.2.0.
{
"affected": [],
"aliases": [
"CVE-2024-31295"
],
"database_specific": {
"cwe_ids": [
"CWE-804"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T09:15:34Z",
"severity": "MODERATE"
},
"details": "Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass.This issue affects Captcha by BestWebSoft: from n/a through 5.2.0.",
"id": "GHSA-6589-39cq-p9hw",
"modified": "2024-05-17T09:31:02Z",
"published": "2024-05-17T09:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31295"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/captcha-bws/wordpress-captcha-by-bestwebsoft-plugin-5-2-0-captcha-bypass-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9P5C-4HGP-XHPR
Vulnerability from github – Published: 2025-02-25 15:34 – Updated: 2025-02-25 15:34The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.
{
"affected": [],
"aliases": [
"CVE-2025-1262"
],
"database_specific": {
"cwe_ids": [
"CWE-804"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-25T13:15:10Z",
"severity": "MODERATE"
},
"details": "The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.",
"id": "GHSA-9p5c-4hgp-xhpr",
"modified": "2025-02-25T15:34:36Z",
"published": "2025-02-25T15:34:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1262"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3244677/advanced-google-recaptcha"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d553aab2-d441-46d6-9c01-5dcfdc48674f?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-C8XC-GC49-4VF2
Vulnerability from github – Published: 2022-06-21 00:00 – Updated: 2022-06-29 00:00The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots.
{
"affected": [],
"aliases": [
"CVE-2022-1801"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-804",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-20T11:15:00Z",
"severity": "HIGH"
},
"details": "The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots.",
"id": "GHSA-c8xc-gc49-4vf2",
"modified": "2022-06-29T00:00:27Z",
"published": "2022-06-21T00:00:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1801"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/a5c97809-2ffc-4efb-8c80-1b734361cd06"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G44V-6QFM-F6CH
Vulnerability from github – Published: 2023-03-21 06:30 – Updated: 2023-03-27 22:10Guessable CAPTCHA in GitHub repository answerdev/answer prior to 1.0.6.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/answerdev/answer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-1539"
],
"database_specific": {
"cwe_ids": [
"CWE-307",
"CWE-804"
],
"github_reviewed": true,
"github_reviewed_at": "2023-03-21T22:32:31Z",
"nvd_published_at": "2023-03-21T05:15:00Z",
"severity": "MODERATE"
},
"details": "Guessable CAPTCHA in GitHub repository answerdev/answer prior to 1.0.6.",
"id": "GHSA-g44v-6qfm-f6ch",
"modified": "2023-03-27T22:10:58Z",
"published": "2023-03-21T06:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1539"
},
{
"type": "WEB",
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"type": "PACKAGE",
"url": "https://github.com/answerdev/answer"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/b4df67f4-14ea-4051-97d4-26690c979a28"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Answer has Guessable CAPTCHA"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.