WP-Safety

Advanced Google reCAPTCHA Security & Risk Analysis

wordpress.org/plugins/advanced-google-recaptcha

Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.

200K active installs v1.31 PHP 5.2+ WP 4.9+ Updated Dec 2, 2025
captchacomment-recaptchagoogle-recaptchalogin-recaptcharecaptcha
98
A · Safe
CVEs total3
Unpatched0
Last CVEMar 27, 2025
Plugin page Download
Safety Verdict

Is Advanced Google reCAPTCHA Safe to Use in 2026?

Generally Safe

Score 98/100

Advanced Google reCAPTCHA has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Mar 27, 2025Updated 4mo ago
Risk Assessment

The "advanced-google-recaptcha" v1.31 plugin exhibits a mixed security posture. On the positive side, its code analysis reveals robust practices in handling SQL queries and output escaping, with 100% of both utilizing prepared statements and proper escaping respectively. There are no identified file operations or external HTTP requests, and no bundled libraries appear to be flagged as dangerous. However, significant concerns arise from its attack surface and vulnerability history. The presence of one unprotected AJAX handler represents a direct entry point for potential malicious activity. Furthermore, the plugin has a history of three medium-severity vulnerabilities, including SQL Injection, Guessable CAPTCHA, and Generation of Predictable Numbers or Identifiers. While currently unpatched CVEs are zero, the recurring nature of these vulnerability types suggests potential underlying weaknesses that might resurface in future versions if not adequately addressed. The taint analysis, while not indicating critical or high severity flows, did identify two flows with unsanitized paths, which is a cause for concern.

Key Concerns

  • Unprotected AJAX handler
  • Multiple medium severity CVEs in history
  • Taint analysis shows unsanitized paths
  • Missing nonce checks on AJAX
Vulnerabilities
3

Advanced Google reCAPTCHA Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-2074medium · 5.3Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advanced Google reCAPTCHA <= 1.29 - Authenticated (Subscriber+) Limited SQL Injection via 'sSearch' Parameter

Mar 27, 2025 Patched in 1.30 (1d)
CVE-2025-1262medium · 5.3Guessable CAPTCHA

Advanced Google reCaptcha <= 1.27 - Built-in Math CAPTCHA Bypass

Feb 24, 2025 Patched in 1.28 (2d)
CVE-2024-12034medium · 5.3Generation of Predictable Numbers or Identifiers

Advanced Google reCAPTCHA <= 1.25 - Brute Force Protection IP Unblock

Dec 23, 2024 Patched in 1.26 (1d)
Code Analysis
Analyzed Mar 16, 2026

Advanced Google reCAPTCHA Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
72 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

DataTables

Output Escaping

100% escaped72 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
tab_basic (interface\tab_login_form.php:36)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Advanced Google reCAPTCHA Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_wpcaptcha_run_tooladvanced-google-recaptcha.php:111
WordPress Hooks 54
actionadmin_menuadvanced-google-recaptcha.php:92
filterplugin_row_metaadvanced-google-recaptcha.php:96
filteradmin_footer_textadvanced-google-recaptcha.php:97
actionadmin_initadvanced-google-recaptcha.php:100
actionadmin_noticesadvanced-google-recaptcha.php:101
actionadmin_enqueue_scriptsadvanced-google-recaptcha.php:104
actionadmin_action_wpcaptcha_install_templateadvanced-google-recaptcha.php:107
actionadmin_action_wpcaptcha_install_wp301advanced-google-recaptcha.php:108
filterlogin_formadvanced-google-recaptcha.php:115
filterlogin_form_middleadvanced-google-recaptcha.php:116
filterlogin_form_middleadvanced-google-recaptcha.php:117
actionwoocommerce_login_formadvanced-google-recaptcha.php:118
actionwoocommerce_login_formadvanced-google-recaptcha.php:119
actionwoocommerce_login_formadvanced-google-recaptcha.php:120
filteredd_login_fields_afteradvanced-google-recaptcha.php:121
filteredd_login_fields_afteradvanced-google-recaptcha.php:122
actionlogin_enqueue_scriptsadvanced-google-recaptcha.php:123
filterregistration_errorsadvanced-google-recaptcha.php:128
actionregister_formadvanced-google-recaptcha.php:129
actionlostpassword_formadvanced-google-recaptcha.php:134
actionresetpass_formadvanced-google-recaptcha.php:135
actionwoocommerce_lostpassword_formadvanced-google-recaptcha.php:136
actionwoocommerce_resetpassword_formadvanced-google-recaptcha.php:137
actionwoocommerce_lostpassword_formadvanced-google-recaptcha.php:138
actionwoocommerce_resetpassword_formadvanced-google-recaptcha.php:139
actionlostpassword_postadvanced-google-recaptcha.php:140
actionvalidate_password_resetadvanced-google-recaptcha.php:141
actioncomment_form_after_fieldsadvanced-google-recaptcha.php:146
actioncomment_form_after_fieldsadvanced-google-recaptcha.php:147
filterpreprocess_commentadvanced-google-recaptcha.php:148
actionwoocommerce_register_formadvanced-google-recaptcha.php:153
actionwoocommerce_register_formadvanced-google-recaptcha.php:154
filterwoocommerce_process_registration_errorsadvanced-google-recaptcha.php:155
actionwoocommerce_review_order_before_submitadvanced-google-recaptcha.php:160
actionwoocommerce_review_order_before_submitadvanced-google-recaptcha.php:161
actionwoocommerce_checkout_processadvanced-google-recaptcha.php:162
filteredd_register_form_fields_before_submitadvanced-google-recaptcha.php:167
filteredd_register_form_fields_before_submitadvanced-google-recaptcha.php:168
actionedd_process_register_formadvanced-google-recaptcha.php:169
actionbp_after_signup_profile_fieldsadvanced-google-recaptcha.php:174
actionbp_after_signup_profile_fieldsadvanced-google-recaptcha.php:175
actionbp_signup_validateadvanced-google-recaptcha.php:176
actionlogin_headadvanced-google-recaptcha.php:179
filterauthenticateadvanced-google-recaptcha.php:182
actionlogin_formadvanced-google-recaptcha.php:185
filterlogin_form_bottomadvanced-google-recaptcha.php:186
actionwp_login_failedadvanced-google-recaptcha.php:187
filterlogin_errorsadvanced-google-recaptcha.php:188
actionplugins_loadedadvanced-google-recaptcha.php:236
actioninitadvanced-google-recaptcha.php:237
actionadmin_initwf-flyout\wf-flyout.php:27
actionadmin_enqueue_scriptswf-flyout\wf-flyout.php:73
actionadmin_headwf-flyout\wf-flyout.php:74
actionadmin_footerwf-flyout\wf-flyout.php:75
Maintenance & Trust

Advanced Google reCAPTCHA Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 2, 2025
PHP min version5.2
Downloads2.4M

Community Trust

Rating96/100
Number of ratings428
Active installs200K
Alternatives

Advanced Google reCAPTCHA Alternatives

reCaptcha for WooCommerce

reCaptcha for WooCommerce

advanced-google-recaptcha-for-woocommerce

A
100

Enable Google reCaptcha for WooCommerce Checkout, Login, Registration, and Reset Password Forms to protect your store against spam.

300 No CVEs
Addonify – reCaptcha For EDD

Addonify – reCaptcha For EDD

addonify-recaptcha-for-edd

A
92

Addonify reCAPTCHA for EDD is a simple plugin that adds Google reCaptcha in Easy Digital Downloads login and registration forms.

70 No CVEs
Checkout Captcha for WooCommerce

Checkout Captcha for WooCommerce

jkm-checkout-captcha-for-woo

A
92

Adds reCAPTCHA verification to WooCommerce checkout, login, registration, and password reset forms to prevent spam and bot transactions.

40 No CVEs
CF7 Google Captcha Load After Page

CF7 Google Captcha Load After Page

cf7-google-captcha-load-after-page

A
85

This plugins use for your website speed improvement and decrease your page request. When you have used contact form 7 and insert you Google Captcha( v &hellip;

2K No CVEs
Power Captcha reCAPTCHA

Power Captcha reCAPTCHA

power-captcha-recaptcha

A
92

Protect WordPress/WooCommerce/Contact Form 7 forms from spam, brute-force attacks, fake comments, accounts, or registrations with Google reCAPTCHA.

1K No CVEs
Developer Profile

Advanced Google reCAPTCHA Developer Profile

WebFactory

28 plugins · 3.5M total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
699 days
View full developer profile
Detection Fingerprints

How We Detect Advanced Google reCAPTCHA

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/advanced-google-recaptcha/wf-flyout/css/wf-flyout.css/wp-content/plugins/advanced-google-recaptcha/wf-flyout/js/wf-flyout.js/wp-content/plugins/advanced-google-recaptcha/assets/css/admin-style.css/wp-content/plugins/advanced-google-recaptcha/assets/js/admin-script.js/wp-content/plugins/advanced-google-recaptcha/assets/js/frontend-script.js
Script Paths
/wp-content/plugins/advanced-google-recaptcha/wf-flyout/js/wf-flyout.js/wp-content/plugins/advanced-google-recaptcha/assets/js/admin-script.js/wp-content/plugins/advanced-google-recaptcha/assets/js/frontend-script.js
Version Parameters
advanced-google-recaptcha/wf-flyout/css/wf-flyout.css?ver=advanced-google-recaptcha/wf-flyout/js/wf-flyout.js?ver=advanced-google-recaptcha/assets/css/admin-style.css?ver=advanced-google-recaptcha/assets/js/admin-script.js?ver=advanced-google-recaptcha/assets/js/frontend-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpcaptcha-login-formwpcaptcha-register-formwpcaptcha-comment-formwpcaptcha-lostpassword-formwpcaptcha-resetpass-formwpcaptcha-checkout-formwf-flyout-container
HTML Comments
<!-- Added by Advanced Google reCAPTCHA plugin --><!-- Added by WebFactory Ltd -->
Data Attributes
data-wpcaptcha-sitekeydata-wpcaptcha-themedata-wpcaptcha-size
JS Globals
wpcaptcha_vars
REST Endpoints
/wp-json/wpcaptcha/v1/get_settings
FAQ

Frequently Asked Questions about Advanced Google reCAPTCHA