ZT Captcha WordPress Plugin Cross-Site Request Forgery Vulnerability
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the ZT Captcha plugin for WordPress, affecting all versions through 1.0.4. The issue arises from inadequate nonce validation in the 'save_ztcpt_captcha_settings' action, where the nonce check can be circumvented by sending an empty token. This vulnerability allows unauthenticated attackers to alter the plugin's settings by sending a forged request, provided they can deceive a site administrator into clicking a link.
Impact
Exploitation of this vulnerability allows for unauthorized modification of the ZT Captcha plugin's settings on WordPress sites.
Reproduction
To reproduce this vulnerability, send a forged request to the 'save_ztcpt_captcha_settings' action with an empty nonce token. This can be done by tricking a site administrator into clicking a link that includes the forged request, bypassing the nonce validation and allowing the attacker to change the plugin's settings.
Remediation
No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
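The following PHP is an added illustration, not code from the ZT Captcha plugin: it shows the class of defect the advisory describes (a nonce check that is skipped whenever the token is empty or absent) next to the hardened form a maintainer would use. All function and option names (ztcpt_demo_*, the 'ztcpt_save_settings' nonce action, the '_wpnonce' field) are assumptions chosen for the example; the WordPress APIs used (wp_verify_nonce, check_admin_referer, current_user_can, wp_nonce_field) are the standard ones.

```php
<?php
// Added example (not the plugin's own code). Names prefixed ztcpt_demo_ and the
// nonce action 'ztcpt_save_settings' are assumptions for illustration only.

// --- Weak pattern: a presence-gated nonce check ---
// The token is verified only when one was supplied. A request whose
// '_wpnonce' field is empty or missing never reaches wp_verify_nonce(),
// so the settings are saved without proof that the admin intended it.
function ztcpt_demo_save_settings_weak() {
    $nonce = isset( $_POST['_wpnonce'] ) ? $_POST['_wpnonce'] : '';

    if ( ! empty( $nonce ) && ! wp_verify_nonce( $nonce, 'ztcpt_save_settings' ) ) {
        wp_die( 'Invalid nonce' ); // only reached for a wrong, non-empty token
    }

    update_option(
        'ztcpt_demo_setting',
        sanitize_text_field( wp_unslash( $_POST['setting'] ?? '' ) )
    );
}

// --- Hardened pattern ---
// 1. Require the capability the action needs. A nonce proves intent,
//    not authorization, so this check is needed in addition to the nonce.
// 2. Verify the nonce unconditionally. check_admin_referer() reads the
//    token from the request, calls wp_verify_nonce(), and dies on failure,
//    which includes a missing or empty token.
function ztcpt_demo_save_settings_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    check_admin_referer( 'ztcpt_save_settings', '_wpnonce' );

    update_option(
        'ztcpt_demo_setting',
        sanitize_text_field( wp_unslash( $_POST['setting'] ?? '' ) )
    );
}

// The legitimate settings form emits the matching token; the hardened
// handler rejects any submission that does not carry a valid one.
function ztcpt_demo_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="ztcpt_demo_save">';
    wp_nonce_field( 'ztcpt_save_settings', '_wpnonce' );
    echo '<input type="text" name="setting"> <button type="submit">Save</button>';
    echo '</form>';
}

add_action( 'admin_post_ztcpt_demo_save', 'ztcpt_demo_save_settings_hardened' );
```

Two points worth noting when reviewing a handler like this. First, the capability check alone does not stop CSRF: the forged request rides on the logged-in administrator's session, so current_user_can() succeeds; only the unconditional nonce verification ties the request to a page the admin actually loaded. Second, when auditing a plugin for this defect class, look for nonce checks wrapped in isset()/!empty() guards or for wp_verify_nonce() whose false result is not acted on; check_admin_referer() or a bare `if ( ! wp_verify_nonce( ... ) ) wp_die();` avoids both mistakes.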
