Kcaptcha WordPress Plugin Cross-Site Request Forgery Vulnerability

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Kcaptcha plugin for WordPress, affecting all versions up to and including 1.0.1. The vulnerability arises from missing nonce validation in the plugin's settings page handler: the settings form does not include a nonce field, and the code that processes the form neither verifies a nonce nor performs the admin-referer check before saving the submitted settings to the database. Because the handler cannot distinguish a form submitted by the administrator from one submitted on the administrator's behalf, an unauthenticated attacker can change the plugin's CAPTCHA settings by getting a logged-in administrator to visit an attacker-controlled page or click a link that submits a forged request. The administrator's browser attaches the site's session cookie, and the request is processed as if the administrator had made it.

Impact

Exploitation of this vulnerability allows unauthorized modification of the Kcaptcha plugin's settings, specifically the CAPTCHA options for the login, registration, password reset, and comment forms. An attacker who disables CAPTCHA on those forms removes the protection the plugin was installed to provide.

Reproduction

To reproduce this vulnerability, an attacker prepares a request to the Kcaptcha settings page that carries the desired changes to the CAPTCHA settings, such as enabling or disabling CAPTCHA for specific forms, and hosts it on a page they control (for example, as a form that submits automatically when the page loads). The attacker then tricks an administrator who is logged in to the target site into visiting that page or clicking a link to it. The administrator's browser submits the request with the administrator's session, and because the handler performs no nonce or referer check, the settings are saved.

Remediation

No patch is known to be available for this vulnerability. Review the vulnerability details and consider uninstalling the affected plugin. If the plugin is retained, the settings handler needs to emit a nonce in the form and verify it, together with the submitting user's capability, before writing any option.
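The following PHP is an added illustration, not code from the Kcaptcha plugin, of the handler pattern described under Vulnerability above and of the hardened form that the remediation calls for. The option name, the admin_post action names, the form field and the nonce action/field names are all assumptions chosen for the example; it also goes slightly beyond the advisory by adding a capability check, which a settings handler should carry alongside the nonce check.

```php
<?php
/**
 * Added illustration (not the Kcaptcha plugin's own code): the settings-handler
 * pattern the advisory describes, followed by the hardened equivalent.
 * Option name, admin_post actions, form field and nonce names are assumptions.
 */

// --- Vulnerable pattern: no nonce in the form, no nonce/referer check on save.
function kc_demo_render_settings_form_vulnerable() {
    $opts = get_option( 'kc_demo_options', array() );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="kc_demo_save_vulnerable">
        <label><input type="checkbox" name="captcha_login" value="1"
            <?php checked( ! empty( $opts['captcha_login'] ) ); ?>> CAPTCHA on login</label>
        <?php submit_button(); ?>
    </form>
    <?php
}

function kc_demo_save_settings_vulnerable() {
    // Any POST that reaches this action is saved, including one forged by a
    // third-party page and submitted by a logged-in administrator's browser.
    $opts = array( 'captcha_login' => ! empty( $_POST['captcha_login'] ) );
    update_option( 'kc_demo_options', $opts );
    wp_safe_redirect( admin_url( 'options-general.php?page=kc-demo&saved=1' ) );
    exit;
}
add_action( 'admin_post_kc_demo_save_vulnerable', 'kc_demo_save_settings_vulnerable' );

// --- Hardened pattern: nonce emitted in the form and verified on save, plus a
// capability check so only users allowed to manage options can change them.
function kc_demo_render_settings_form_fixed() {
    $opts = get_option( 'kc_demo_options', array() );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'kc_demo_save_settings', 'kc_demo_nonce' ); ?>
        <input type="hidden" name="action" value="kc_demo_save_fixed">
        <label><input type="checkbox" name="captcha_login" value="1"
            <?php checked( ! empty( $opts['captcha_login'] ) ); ?>> CAPTCHA on login</label>
        <?php submit_button(); ?>
    </form>
    <?php
}

function kc_demo_save_settings_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // check_admin_referer() looks up the named nonce field and calls wp_die()
    // with a 403 if it is missing or invalid. A page on another origin cannot
    // read the nonce out of the admin form, so a forged request stops here.
    check_admin_referer( 'kc_demo_save_settings', 'kc_demo_nonce' );

    $opts = array( 'captcha_login' => ! empty( $_POST['captcha_login'] ) );
    update_option( 'kc_demo_options', $opts );
    wp_safe_redirect( admin_url( 'options-general.php?page=kc-demo&saved=1' ) );
    exit;
}
add_action( 'admin_post_kc_demo_save_fixed', 'kc_demo_save_settings_fixed' );
```

The nonce is tied to the logged-in user and to the named action, so it cannot be pre-computed by the attacker or lifted from another site. Note that the nonce check alone does not verify that the submitter is entitled to change settings; that is what the current_user_can() check is for, and the two belong together in every option-writing handler.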

Added: Apr 22, 2026, 11:41 AM
Updated: Apr 22, 2026, 11:41 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.2
remediation: 0.0
relevance: 6.5
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.