CVE-2024-3941

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-3941

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3941.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-3941

Published

2024-05-14T15:42:36.890Z

Modified

2026-03-14T12:34:45.156731Z

Severity

4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack.

References

https://wpscan.com/vulnerability/6e09e922-983c-4406-8053-747d839995d1/

Affected packages

Git / github.com/bozdoz/wp-plugin-recaptcha-jetpack

Affected ranges

Type

GIT

Repo

https://github.com/bozdoz/wp-plugin-recaptcha-jetpack

Events

Introduced

Last affected

f2468d0bb1b0c14d5503dc14d03038da7b502ae2

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.2.2"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.2.0

v0.2.1

v0.2.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3941.json"