Does CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress have any unpatched vulnerabilities?

No. All known vulnerabilities in CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress compatible with WordPress 6.8.5?

According to WordPress.org data, CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress 7.6.0 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress compatible with PHP 7.4+?

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress Security & Risk Analysis

wordpress.org/plugins/advanced-nocaptcha-recaptcha

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K active installs v7.6.0 PHP 7.4+ WP 5.5+ Updated Jun 11, 2025

antispam-protectioncaptchacloudflare-turnstilehcaptcharecaptcha

A · Safe

CVEs total1

Unpatched0

Last CVEJun 29, 2022

Plugin page Download

Safety Verdict

Is CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress Safe to Use in 2026?

Generally Safe

Score 99/100

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jun 29, 2022Updated 9mo ago

Risk Assessment

The "advanced-nocaptcha-recaptcha" plugin v7.6.0 exhibits a generally good security posture, with a high percentage of SQL queries using prepared statements and a strong adherence to output escaping and nonce checks. The plugin also shows good practice by not bundling external libraries, which often become outdated and introduce vulnerabilities. However, a significant concern arises from the presence of an unprotected AJAX handler, creating a potential entry point for unauthorized actions. While the taint analysis reports no immediate critical or high severity issues, this uncovered AJAX handler warrants attention. The plugin's vulnerability history, particularly a past high-severity Cross-Site Request Forgery (CSRF) vulnerability, indicates a potential for similar issues if not diligently managed. Despite the current lack of unpatched CVEs and zero taint flows, the single unprotected AJAX handler is a clear risk that slightly degrades its otherwise strong security standing.

Key Concerns

Unprotected AJAX handler found
One past high severity CVE

Vulnerabilities

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2022-2184high · 8.8Cross-Site Request Forgery (CSRF)

CAPTCHA 4WP <= 7.0.6.1 - Cross-Site Request Forgery to Local File Inclusion

Jun 29, 2022 Patched in 7.1.0 (573d)

Code Analysis

Analyzed Mar 16, 2026

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress Code Analysis

Dangerous Functions

Raw SQL Queries

8 prepared

Unescaped Output

267 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

89% prepared9 total queries

Output Escaping

95% escaped280 total outputs

Attack Surface

1 unprotected

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress Attack Surface

Entry Points9

Unprotected1

AJAX Handlers 9

authwp_ajax_c4wp_dismiss_update_noticeadmin\admin-notices\class-plugin-updated-notice.php:35

authwp_ajax_c4wp_dismiss_owner_noticeadmin\admin-notices\class-plugin-updated-notice.php:36

authwp_ajax_c4wp_reset_captcha_configadmin\class-c4wp-settings.php:70

authwp_ajax_c4wp_nocaptcha_plugin_notice_ignoreadmin\class-c4wp-settings.php:71

authwp_ajax_c4wp_ajax_verifyincludes\class-c4wp-captcha-class.php:116

noprivwp_ajax_c4wp_ajax_verifyincludes\class-c4wp-captcha-class.php:117

authwp_ajax_c4wp_nocaptcha_plugin_notice_ignoreincludes\class-c4wp-captcha-class.php:118

authwp_ajax_c4wp_validate_secret_keyincludes\class-c4wp-captcha-class.php:137

noprivwp_ajax_c4wp_validate_secret_keyincludes\class-c4wp-captcha-class.php:138

WordPress Hooks 53

actionadmin_noticesadmin\admin-notices\class-plugin-updated-notice.php:30

actionnetwork_admin_noticesadmin\admin-notices\class-plugin-updated-notice.php:31

actionadmin_initadmin\admin-notices\class-plugin-updated-notice.php:32

actionadmin_initadmin\class-c4wp-settings.php:55

actionadmin_initadmin\class-c4wp-settings.php:56

actionadmin_enqueue_scriptsadmin\class-c4wp-settings.php:58

actionnetwork_admin_menuadmin\class-c4wp-settings.php:63

actionadmin_menuadmin\class-c4wp-settings.php:66

filterc4wp_settings_fieldsadmin\class-c4wp-settings.php:78

actionadmin_bar_menuadmin\class-c4wp-settings.php:79

actionadmin_noticesadmin\class-c4wp-settings.php:83

filterc4wp_settings_fields_afteradmin\class-c4wp-settings.php:85

actionadmin_footeradmin\class-c4wp-settings.php:1212

actionwp_loadedadvanced-nocaptcha-recaptcha.php:132

actioninitadvanced-nocaptcha-recaptcha.php:133

actioninitadvanced-nocaptcha-recaptcha.php:134

actioninitadvanced-nocaptcha-recaptcha.php:137

actionadmin_print_scriptsadvanced-nocaptcha-recaptcha.php:140

actioninitadvanced-nocaptcha-recaptcha.php:151

actioninitadvanced-nocaptcha-recaptcha.php:152

actioninitadvanced-nocaptcha-recaptcha.php:153

actionlogin_enqueue_scriptsadvanced-nocaptcha-recaptcha.php:154

actionplugins_loadedadvanced-nocaptcha-recaptcha.php:162

actionlogin_formincludes\class-c4wp-captcha-class.php:74

filterlogin_form_middleincludes\class-c4wp-captcha-class.php:75

actionum_after_login_fieldsincludes\class-c4wp-captcha-class.php:76

filterauthenticateincludes\class-c4wp-captcha-class.php:77

actionregister_formincludes\class-c4wp-captcha-class.php:81

filterregistration_errorsincludes\class-c4wp-captcha-class.php:82

actionsignup_extra_fieldsincludes\class-c4wp-captcha-class.php:86

filterwpmu_validate_user_signupincludes\class-c4wp-captcha-class.php:87

actionsignup_blogformincludes\class-c4wp-captcha-class.php:88

filterwpmu_validate_blog_signupincludes\class-c4wp-captcha-class.php:89

actionlostpassword_formincludes\class-c4wp-captcha-class.php:93

actionlostpassword_postincludes\class-c4wp-captcha-class.php:94

actionresetpass_formincludes\class-c4wp-captcha-class.php:98

filtervalidate_password_resetincludes\class-c4wp-captcha-class.php:99

actioncomment_form_after_fieldsincludes\class-c4wp-captcha-class.php:104

filtercomment_form_field_commentincludes\class-c4wp-captcha-class.php:106

filterpre_comment_approvedincludes\class-c4wp-captcha-class.php:110

filterpreprocess_commentincludes\class-c4wp-captcha-class.php:112

actionadmin_enqueue_scriptsincludes\class-c4wp-captcha-class.php:119

actionwp_enqueue_scriptsincludes\class-c4wp-captcha-class.php:127

actionlogin_enqueue_scriptsincludes\class-c4wp-captcha-class.php:128

actionwp_footerincludes\class-c4wp-captcha-class.php:130

actionlogin_footerincludes\class-c4wp-captcha-class.php:131

actionwp_headincludes\class-c4wp-captcha-class.php:134

actionlogin_footerincludes\class-c4wp-captcha-class.php:135

filtershake_error_codesincludes\class-c4wp-functions.php:38

actionadmin_initincludes\include-functions.php:20

actionbefore_woocommerce_initincludes\include-functions.php:42

filterc4wp_settings_fieldsincludes\methods\class-cloudflare.php:47

filterc4wp_settings_fieldsincludes\methods\class-hcaptcha.php:47

Maintenance & Trust

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 11, 2025

PHP min version7.4

Downloads3.6M

Community Trust

Rating64/100

Number of ratings268

Active installs100K

Alternatives

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress Alternatives

Contact Form 7 Captcha

contact-form-7-simple-recaptcha

Protect your Contact Form 7 forms with Google reCAPTCHA V2, Google reCAPTCHA V3, hCAPTCHA, or Cloudflare Turnstile.

100K 2 CVEs

reCAPTCHA in WP comments form

recaptcha-in-wp-comments-form

reCAPTCHA in WP comments form is an ANTISPAM tool that adds a Google reCAPTCHA to the comments form and protects your site from the spam robots threat …

9K No CVEs

DoLogin Security

dologin

Easy Login. 2FA login. Passwordless login. Cloudflare Turnstile reCAPTCHA. GeoLocation (Continent/Country/City)/IP range to limit login attempts.

7K 4 CVEs

G-Forms hCaptcha

gf-hcaptcha

A new way to monetize your site traffic with the hCaptcha addon for Gravity Forms.

3K No CVEs

Ultimate WP Captcha

ultimate-wp-captcha

100

Enables Google reCAPTCHA and hCaptcha for the WordPress website forms.

300 No CVEs

Developer Profile

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress Developer Profile

WPKube

9 plugins · 238K total installs

trust score

Avg Security Score

81/100

Avg Patch Time

725 days

View full developer profile

Detection Fingerprints

How We Detect CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/advanced-nocaptcha-recaptcha/js/admin/c4wp-admin-settings.js/wp-content/plugins/advanced-nocaptcha-recaptcha/js/frontend/c4wp-frontend.js/wp-content/plugins/advanced-nocaptcha-recaptcha/css/c4wp-admin.css/wp-content/plugins/advanced-nocaptcha-recaptcha/css/c4wp-frontend.css

Script Paths

https://www.google.com/recaptcha/api.js?render=https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=

Version Parameters

advanced-nocaptcha-recaptcha/js/admin/c4wp-admin-settings.js?ver=advanced-nocaptcha-recaptcha/js/frontend/c4wp-frontend.js?ver=advanced-nocaptcha-recaptcha/css/c4wp-admin.css?ver=advanced-nocaptcha-recaptcha/css/c4wp-frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes

c4wp-fieldc4wp-labelc4wp-input-wrapc4wp-captcha-settings-wrapc4wp-recaptcha-block

HTML Comments

+2 more

Data Attributes

data-site-key

JS Globals

C4WP

REST Endpoints

/wp-json/c4wp/v1/settings

FAQ