Easy reCaptcha bypass in User Verification plugin

Ticket for: User Verification
German
Jan 16, 2025 02:46 AM 1 Answers

If I manually delete the div class=g-recaptcha block from the page via Inspect Code in the browser and click the submit button, then the reCaptcha check is not performed at all.
Automated scripts that do not pass the g-recaptcha-response field with the POST request can easily register many new users without confirmation.

Please add something like

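    if (isset($_POST['g-recaptcha-response'])) {
        // ... existing verification of the submitted response ...
    } else {
        // Field missing from a POST: record a captcha error instead of skipping the check
        if ($_SERVER['REQUEST_METHOD'] === 'POST' && $default_registration_page == 'yes') {
            $errors->add('loginCaptchaError', $captcha_error);
        }
    }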

to all reCaptcha verification blocks in functions-recaptcha.php.

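The fail-closed behaviour requested in the ticket above, as an added example that is not code from the plugin or from the ticket's author. The function name `example_captcha_gate`, the stub verifier and the sample request bodies are assumptions constructed for illustration; it goes slightly beyond the ticket's snippet by also rejecting empty and array-valued fields.

```php
<?php
// Added example: fail-closed reCAPTCHA gate. Names are hypothetical and are
// not taken from the plugin's functions-recaptcha.php.

/**
 * Returns null when the request may proceed, or an error code otherwise.
 * $verify is a callable(string $token): bool that asks the captcha provider
 * whether the token is valid (assumed to be a server-side verification call).
 */
function example_captcha_gate(string $method, array $post, callable $verify): ?string
{
    if ($method !== 'POST') {
        return null; // only form submissions are gated, not rendering the form
    }
    $token = $post['g-recaptcha-response'] ?? null;
    // Missing, non-string (array-valued) or empty field: reject without
    // calling the provider. This is the branch the ticket reports as absent.
    if (!is_string($token) || trim($token) === '') {
        return 'loginCaptchaError';
    }
    // Field present: the value is client-controlled, so it only counts once
    // the provider confirms it.
    return $verify($token) ? null : 'loginCaptchaError';
}

// Constructed stand-in for the provider check so the example runs offline.
$stubVerify = function (string $token): bool {
    return $token === 'constructed-valid-token';
};

// Constructed request bodies.
$cases = [
    'field removed from form' => ['user_login' => 'bot1'],
    'empty field'             => ['user_login' => 'bot2', 'g-recaptcha-response' => ''],
    'array-valued field'      => ['user_login' => 'bot3', 'g-recaptcha-response' => ['x']],
    'invalid token'           => ['user_login' => 'bot4', 'g-recaptcha-response' => 'junk'],
    'valid token'             => ['user_login' => 'alice', 'g-recaptcha-response' => 'constructed-valid-token'],
];

foreach ($cases as $label => $post) {
    $error = example_captcha_gate('POST', $post, $stubVerify);
    printf("%-24s => %s\n", $label, $error ?? 'accepted');
}
```

Only the last constructed case is accepted; every request that omits or mangles the field gets the same error code as a failed verification.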
1 Answers
Azizul Raju
Jan 19, 2025
Hi, Thank you for letting us know about the issue. Our team is looking into this, and we'll update you if needed.