Conditional CAPTCHA WordPress Plugin Open Redirect Vulnerability

Vulnerability

An open redirect vulnerability has been identified in the Conditional CAPTCHA WordPress plugin, affecting versions through 4.0.0. The plugin does not validate the 'redirect_to' parameter before redirecting the user after the captcha step, so the redirect target can be any external site.

Impact

Exploitation of this vulnerability allows open redirection: a link that genuinely points at the trusted WordPress site ends up sending the user to a site of the attacker's choosing.

Reproduction

To reproduce this vulnerability, open a post that allows comments and note its post ID. Create an HTML file containing a form that submits the post ID, a comment text, and a 'redirect_to' parameter set to the external URL of your choice. Submit the form and solve the captcha; you are then redirected to the URL given in the 'redirect_to' parameter.
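The root cause is that a user-supplied redirect target is followed without a host check. The following is an added illustration, not code from the Conditional CAPTCHA plugin: it places a hypothetical unvalidated redirect beside the hardened form that relies on WordPress core's own redirect validation. It assumes it runs inside WordPress, that the form posts 'redirect_to' and the core comment-form field 'comment_post_ID', and it uses made-up function names and a placeholder partner host.

```php
<?php
/*
 * Added illustration (not the plugin's code): an unvalidated redirect next to
 * one that only follows same-site (or explicitly allowlisted) targets.
 * Assumptions: runs inside WordPress; the form posts 'redirect_to' and
 * 'comment_post_ID'; function names are hypothetical.
 */

// Vulnerable pattern (hypothetical): the untrusted parameter is passed straight
// to wp_redirect(), which performs no host check, so any absolute URL is followed.
function ccaptcha_example_redirect_unsafe() {
    if ( isset( $_POST['redirect_to'] ) ) {
        wp_redirect( wp_unslash( $_POST['redirect_to'] ) );
        exit;
    }
}

// Hardened pattern: validate the target against the site's own host and fall
// back to the commented post (or the home page) when it does not pass.
function ccaptcha_example_redirect_safe() {
    $post_id  = isset( $_POST['comment_post_ID'] ) ? absint( $_POST['comment_post_ID'] ) : 0;
    $fallback = $post_id ? get_permalink( $post_id ) : false;
    if ( ! $fallback ) {
        $fallback = home_url( '/' );
    }

    $target = isset( $_POST['redirect_to'] ) ? wp_unslash( $_POST['redirect_to'] ) : '';

    // wp_validate_redirect() returns $fallback unless the target's host is the
    // site host or one returned by the 'allowed_redirect_hosts' filter. It also
    // rewrites protocol-relative targets (//host) before the host check and
    // rejects schemes other than http/https.
    $safe = wp_validate_redirect( $target, $fallback );

    // wp_safe_redirect() repeats that validation internally, so a caller that
    // forgets the explicit check above still cannot redirect off-site.
    wp_safe_redirect( $safe, 302 );
    exit;
}

// Only if the site legitimately needs an off-site destination: allowlist it
// explicitly instead of trusting the request. 'partner.example' is a placeholder.
add_filter( 'allowed_redirect_hosts', function ( $hosts ) {
    $hosts[] = 'partner.example';
    return $hosts;
} );
```

The defensive rule is the same regardless of plugin: never hand a request parameter to wp_redirect(); use wp_safe_redirect() (or wp_validate_redirect() with a same-site fallback) and extend 'allowed_redirect_hosts' only for hosts the site owner has chosen to trust.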

Added: Feb 22, 2026, 6:23 AM
Updated: Feb 22, 2026, 6:23 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  7.1
remediation     0.0
relevance       3.3
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.