PluXml Captcha Bypass Vulnerability in Anti-Spam Feature

Vulnerability

A vulnerability exists in the anti-spam captcha functionality of PluXml version 5.8.22 and earlier. When this feature is enabled, the captcha challenge is presented in a format that automated scripts can easily recognize and solve. The captcha details, including 'capcha-letter', 'capcha-word', and 'capcha-token', are exposed in the document body of articles that have comments and the anti-spam captcha enabled. Because everything needed to answer the challenge is in the page itself, an attacker can construct valid POST requests and publish spam comments, potentially flooding articles with automated spam, especially where no other web defenses (rate limiting, moderation queues, WAF rules) are in place.

Impact

Exploitation of this vulnerability allows for automated bypassing of the captcha system, leading to the publication of spam comments on affected articles. This could result in a significant increase in spam activity, potentially disrupting normal user engagement and overwhelming moderation efforts.

Reproduction

To reproduce this vulnerability, enable the anti-spam captcha feature in PluXml version 5.8.22 or earlier. Once activated, the captcha challenge is displayed in a machine-recognizable format within the document body of articles that have comments enabled. An automated script can then extract the captcha details from the page and publish spam comments, effectively bypassing the captcha protection.
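The structural fix for the weakness described under Vulnerability is that nothing in the document body may be sufficient to construct a valid comment POST. The following is an added example written for this page, not PluXml's own code: the server generates and stores the answer on its side, keyed by an opaque, HMAC-signed, single-use, expiring token, and the article page receives only that token and a reference to a challenge image. The field names 'captcha-token' and 'captcha-answer', the '/captcha/<token>.png' route, and the image renderer that consumes answer_for_image() are assumptions made for the example.

```python
# Added example (not PluXml code): server-side captcha state with an opaque,
# signed, single-use, expiring token. Field names and the image route are
# assumptions; in production _pending lives in the session store or database.
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)   # per-deployment secret (assumed config value)
ANSWER_LENGTH = 6
TTL_SECONDS = 300
_pending = {}                      # token -> (answer, expiry)


def _sign(token):
    return hmac.new(SECRET, token.encode(), hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Create a challenge and return only what the article page may embed."""
    now = time.time() if now is None else now
    # Unambiguous alphabet (no 0/o, 1/l/i) so a human can type what the image shows.
    answer = "".join(secrets.choice("abcdefghjkmnpqrstuvwxyz23456789")
                     for _ in range(ANSWER_LENGTH))
    token = secrets.token_urlsafe(16)          # base64url: never contains '.'
    _pending[token] = (answer, now + TTL_SECONDS)
    # The answer is deliberately absent from this dict: nothing derivable from
    # the document body is enough to build a valid comment POST.
    return {
        "captcha-token": f"{token}.{_sign(token)}",
        "captcha-image": f"/captcha/{token}.png",   # rendered server-side (assumed route)
    }


def answer_for_image(token):
    """Server-side lookup for the (assumed) image renderer; never sent to the page."""
    entry = _pending.get(token)
    return entry[0] if entry else None


def verify(signed_token, submitted, now=None):
    """Validate a comment POST. The token is consumed whether or not it succeeds,
    so one challenge cannot be guessed repeatedly or replayed."""
    now = time.time() if now is None else now
    token, _, sig = signed_token.partition(".")
    if not token or not hmac.compare_digest(sig, _sign(token)):
        return False                                   # forged or malformed token
    entry = _pending.pop(token, None)                  # single use: replay fails
    if entry is None:
        return False
    answer, expiry = entry
    if now > expiry:
        return False                                   # stale challenge
    submitted = submitted.strip().lower().encode()
    return hmac.compare_digest(answer.encode(), submitted)


def page_embeds_answer(page_fields, token):
    """Self-check for the site owner: does anything shipped to the client
    contain the answer? Should always be False with this design."""
    answer = answer_for_image(token)
    return answer is not None and any(answer in str(v) for v in page_fields.values())
```

Rendering the answer as an image (or another challenge that is not plain text in the page) is left to the assumed renderer; what the example shows is the state and token handling that makes the page contents insufficient on their own. Per-source rate limiting on the comment endpoint complements this rather than replacing it.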

Added: Mar 10, 2026, 8:50 PM
Updated: Mar 10, 2026, 8:50 PM

Vulnerability Rating

Custom Algorithm
  spread          1.0
  impact          1.3
  exploitability  6.8
  remediation     8.3
  relevance       3.7
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.