CWE-804
12 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-804
- CVE-2022-1801 | HIGH | CVSS 7.5 | EG 7.5 | 2022-06-20
The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check…
- CVE-2022-4036 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-11-29
The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAPTCHA secret that is also displayed to t…
- CVE-2023-6963 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-02-05
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha Verification of the Contact Form block…
- CVE-2024-30540 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-05-17
Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functionality Bypass. This issue affects VS Contact Form: from n/a through 14.7.
- CVE-2024-31295 | MEDIUM | CVSS 5.3 | EG 5.3 | 2024-05-17
Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass. This issue affects Captcha by BestWebSoft: from n/a through 5.2.0.
- CVE-2025-10423 | LOW | CVSS 3.7 | EG 3.7 | 2025-09-15
A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated …
- CVE-2025-1262 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-02-25
The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27. This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.
- CVE-2025-32036 | MEDIUM | CVSS 4.2 | EG 4.2 | 2025-04-08
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created im…
- CVE-2025-40916 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-06-16
Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.
- CVE-2025-50850 | HIGH | CVSS 8.6 | EG 8.6 | 2025-07-31
An issue was discovered in CS Cart 4.18.3: the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematically attempt various combinations of use…
- CVE-2025-8546 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-08-05
A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation leads to guessable captcha. It is possible …
- CVE-2026-40935 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-21
WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` accepts the CAPTCHA length (`ql`) directly from the query string with no clamping or sanitization, letting any unauthenticated client force …