Does Captcha Code have any unpatched vulnerabilities?

No. All known vulnerabilities in Captcha Code have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Captcha Code compatible with WordPress 6.9.4?

According to WordPress.org data, Captcha Code 3.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Captcha Code compatible with PHP 5.2+?

Captcha Code requires PHP 5.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Captcha Code updated?

Captcha Code was last updated on Dec 3, 2025. Frequent updates are generally a positive security signal.

What is Captcha Code's security score?

Captcha Code has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Captcha Code Security & Risk Analysis

wordpress.org/plugins/captcha-code-authentication

GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.

100K active installs v3.3 PHP 5.2+ WP 3.0+ Updated Dec 3, 2025

captchacomments-spamform-captchalogin-captcharecaptcha

A · Safe

CVEs total2

Unpatched0

Last CVENov 24, 2023

Download

Safety Verdict

Is Captcha Code Safe to Use in 2026?

Generally Safe

Score 99/100

Captcha Code has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Nov 24, 2023Updated 4mo ago

Risk Assessment

The "captcha-code-authentication" plugin v3.3 presents a mixed security posture. On the positive side, the static analysis reveals a remarkably small attack surface with zero identified entry points. The code also demonstrates good practices in its use of prepared statements for all SQL queries and a high percentage of output escaping. The presence of nonce and capability checks, although limited, is also a positive indicator. However, a significant concern stems from its vulnerability history, which includes two known CVEs, one high and one medium severity, with the most recent identified in late 2023. The types of past vulnerabilities, "Guessable CAPTCHA" and "Cross-Site Request Forgery (CSRF)," suggest potential weaknesses in the core functionality and authentication mechanisms that require ongoing vigilance. While the current static analysis doesn't reveal immediate exploitable flaws, the history of significant vulnerabilities necessitates a cautious approach. The lack of taint analysis results and zero critical/high severity findings in the static analysis are good, but the plugin's past issues overshadow this to some extent.

Key Concerns

Unpatched CVEs in history
One high severity vulnerability in history
One medium severity vulnerability in history
Vulnerability types: Guessable CAPTCHA
Vulnerability types: Cross-Site Request Forgery (CSRF)
Lower than perfect output escaping
Limited capability checks

Vulnerabilities

Captcha Code Security Vulnerabilities

CVEs by Year

1 CVE in 2022

2022

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

High

Medium

2 total CVEs

CVE-2023-48745medium · 5.3Guessable CAPTCHA

Captcha Code <= 2.9 - Captcha Bypass

Nov 24, 2023 Patched in 3.0 (70d)

CVE-2022-37411high · 8.8Cross-Site Request Forgery (CSRF)

Captcha Code <= 2.7 - Cross-Site Request Forgery to Plugin Settings Update

Sep 1, 2022 Patched in 2.8 (509d)

Code Analysis

Analyzed Mar 16, 2026

Captcha Code Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

48 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

80% escaped60 total outputs

Attack Surface

Captcha Code Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 23

actionadmin_initwf-flyout\wf-flyout.php:27

actionadmin_enqueue_scriptswf-flyout\wf-flyout.php:73

actionadmin_headwf-flyout\wf-flyout.php:74

actionadmin_footerwf-flyout\wf-flyout.php:75

actionadmin_menuwpCaptcha.php:47

actionadmin_enqueue_scriptswpCaptcha.php:48

actionadmin_action_wp_captcha_code_install_wp301wpCaptcha.php:49

filteradmin_footer_textwpCaptcha.php:50

actionlogin_formwpCaptcha.php:54

filterlogin_errorswpCaptcha.php:55

filterlogin_redirectwpCaptcha.php:56

actioncomment_form_after_fieldswpCaptcha.php:60

actioncomment_form_logged_in_afterwpCaptcha.php:61

filterpreprocess_commentwpCaptcha.php:62

actionregister_formwpCaptcha.php:66

actionregister_postwpCaptcha.php:67

actionsignup_extra_fieldswpCaptcha.php:68

filterwpmu_validate_user_signupwpCaptcha.php:69

actionlostpassword_formwpCaptcha.php:73

actionlostpassword_postwpCaptcha.php:74

filtersafe_style_csswpCaptcha.php:920

filtersafe_style_csswpCaptcha.php:1174

actioninitwpCaptcha.php:1243

Maintenance & Trust

Captcha Code Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 3, 2025

PHP min version5.2

Downloads679K

Community Trust

Rating76/100

Number of ratings34

Active installs100K

Alternatives

Captcha Code Alternatives

ThinkCaptcha – Login Captcha, Register Captcha & Checkout reCAPTCHA

thinkcaptcha

100

Secure WordPress & WooCommerce forms with Google reCAPTCHA. Stop spam, bots, and brute-force attacks effectively.

40 No CVEs

Kcaptcha

kcaptcha

Kcaptcha plugin is the perfect security plugin for your wordpress website forms that protects your website from spam bots.

30 No CVEs

Advanced Google reCAPTCHA

advanced-google-recaptcha

Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.

200K 3 CVEs

ReCaptcha v2 for Contact Form 7

wpcf7-recaptcha

100

Adds reCaptcha v2 from Contact Form 7 5.0.5 that was dropped on Contact Form 7 5.1

200K No CVEs

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE

Developer Profile

Captcha Code Developer Profile

WebFactory

28 plugins · 3.5M total installs

trust score

Avg Security Score

98/100

Avg Patch Time

699 days

View full developer profile

Detection Fingerprints

How We Detect Captcha Code

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/captcha-code-authentication/css/wp-captcha-code.css/wp-content/plugins/captcha-code-authentication/js/wp-captcha-code.js

Script Paths

/wp-content/plugins/captcha-code-authentication/js/wp-captcha-code.js

Version Parameters

/captcha-code-authentication/css/wp-captcha-code.css?ver=/captcha-code-authentication/js/wp-captcha-code.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp-captcha-code-footer

Data Attributes

data-captcha-refreshdata-captcha-text

JS Globals

wp_captcha_code_vars

FAQ