Does Captchinoo, admin login page protection with Google recaptcha have any unpatched vulnerabilities?

No. All known vulnerabilities in Captchinoo, admin login page protection with Google recaptcha have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Captchinoo, admin login page protection with Google recaptcha compatible with WordPress 6.8.5?

According to WordPress.org data, Captchinoo, admin login page protection with Google recaptcha 4.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Captchinoo, admin login page protection with Google recaptcha Security & Risk Analysis

wordpress.org/plugins/captchinoo-captcha-for-login-form-protection

Want to verify that your website users are not bots with a very simple way with one click installation? you need Captchinoo Captcha plugin!!

300 active installs v4.2 PHP + WP 4.6+ Updated Jun 2, 2025

captchafirewallloginprotectionrecaptcha

A · Safe

CVEs total2

Unpatched0

Last CVEApr 22, 2021

Download

Safety Verdict

Is Captchinoo, admin login page protection with Google recaptcha Safe to Use in 2026?

Generally Safe

Score 98/100

Captchinoo, admin login page protection with Google recaptcha has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Apr 22, 2021Updated 10mo ago

Risk Assessment

This plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in SQL query handling and output escaping, with 100% of SQL queries using prepared statements and all outputs properly escaped. However, a significant concern arises from the static analysis, which reveals four AJAX handlers without any authentication checks. This creates a substantial attack surface that could be exploited by unauthenticated users. The lack of nonce checks further exacerbates this risk.

The vulnerability history indicates past issues with Cross-Site Request Forgery (CSRF) and Improper Authorization, both of which align with the observed lack of authentication on AJAX endpoints. While there are no currently unpatched vulnerabilities, the presence of two high-severity historical CVEs suggests a pattern of past security weaknesses that require careful monitoring. The absence of any critical taint analysis findings is a positive sign, but it does not negate the risks posed by the exposed AJAX endpoints and past authorization flaws.

In conclusion, while the plugin has strengths in data handling, the significant number of unprotected AJAX entry points and its history of authorization and CSRF vulnerabilities present a notable security risk. Immediate attention should be given to implementing proper authentication and authorization checks for all AJAX handlers to mitigate potential exploits.

Key Concerns

4 unprotected AJAX handlers
0 Nonce checks
2 High severity CVEs (historical)
History of CSRF & Improper Authorization

Vulnerabilities

Captchinoo, admin login page protection with Google recaptcha Security Vulnerabilities

CVEs by Year

2 CVEs in 2021

2021

Patched Has unpatched

Severity Breakdown

High

2 total CVEs

WF-245f8eec-d496-4298-800d-ea1120640e2d-captchinoo-captcha-for-login-form-protectionhigh · 8.8Cross-Site Request Forgery (CSRF)

Captchinoo, admin login page protection with Google recaptcha <= 2.4 - Cross-Site Request Forgery to Arbitrary Plugin Installation/Activation

Apr 22, 2021 Patched in 2.5 (1006d)

CVE-2021-24189high · 8.8Improper Authorization

Captchinoo Captcha <= 2.3 - Missing Authorization to Arbitrary Plugin Installation/Activation

Apr 22, 2021 Patched in 2.4 (1006d)

Code Analysis

Analyzed Mar 16, 2026

Captchinoo, admin login page protection with Google recaptcha Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

45 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped45 total outputs

Attack Surface

4 unprotected

Captchinoo, admin login page protection with Google recaptcha Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

authwp_ajax_captcha_action_callbacktemplate_one.php:10

noprivwp_ajax_captcha_action_callbacktemplate_one.php:11

authwp_ajax_my_ajax_get_icontemplate_one.php:15

noprivwp_ajax_my_ajax_get_icontemplate_one.php:16

WordPress Hooks 24

actionadmin_menuadmin\setting.php:9

actionadmin_initadmin\setting.php:10

actionadmin_footeradmin\setting.php:11

actionadmin_enqueue_scriptsadmin\setting.php:12

actionadmin_print_stylesadmin\setting.php:536

actionupgrader_process_completeCaptcha.php:28

actioninitCaptcha.php:99

actionupdated_optionCaptcha.php:126

actionauthenticategoogle_recaptha.php:7

actionlogin_initgoogle_recaptha.php:8

actionlogin_enqueue_scriptsgoogle_recaptha.php:82

actionlogin_formgoogle_recaptha.php:84

filterscript_loader_taggoogle_recaptha.php:127

actionadmin_bar_menuinc\plugin_menues_full.php:5

actionwp_enqueue_scriptsinc\plugin_menues_full.php:24

actionadmin_enqueue_scriptsinc\plugin_menues_full.php:26

actionauthenticatetemplate_one.php:7

actionlogin_inittemplate_one.php:9

actionlogin_enqueue_scriptstemplate_one.php:48

actionlogin_formtemplate_one.php:51

actionauthenticatetemplate_two.php:15

actionlogin_inittemplate_two.php:16

actionlogin_enqueue_scriptstemplate_two.php:46

actionlogin_formtemplate_two.php:47

Maintenance & Trust

Captchinoo, admin login page protection with Google recaptcha Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJun 2, 2025

PHP min version

Downloads15K

Community Trust

Rating100/100

Number of ratings3

Active installs300

Alternatives

Captchinoo, admin login page protection with Google recaptcha Alternatives

Cartpauj Register Captcha

cartpauj-register-captcha

100

Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress' default registration form.

1K 1 CVE

Advanced Google reCAPTCHA

advanced-google-recaptcha

Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.

200K 3 CVEs

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE

Captcha Code

captcha-code-authentication

GDPR compatible captcha anti-spam protection for login form, comments form, registration form & lost password form. Eliminate spam with captcha.

100K 2 CVEs

Contact Form 7 Captcha

contact-form-7-simple-recaptcha

Protect your Contact Form 7 forms with Google reCAPTCHA V2, Google reCAPTCHA V3, hCAPTCHA, or Cloudflare Turnstile.

100K 2 CVEs

Developer Profile

Captchinoo, admin login page protection with Google recaptcha Developer Profile

wp-buy

13 plugins · 355K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

926 days

View full developer profile

Detection Fingerprints

How We Detect Captchinoo, admin login page protection with Google recaptcha

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/captchinoo-captcha-for-login-form-protection/css/style.css/wp-content/plugins/captchinoo-captcha-for-login-form-protection/js/captcha.js/wp-content/plugins/captchinoo-captcha-for-login-form-protection/js/custom.js

Version Parameters

/wp-content/plugins/captchinoo-captcha-for-login-form-protection/css/style.css?ver=/wp-content/plugins/captchinoo-captcha-for-login-form-protection/js/captcha.js?ver=/wp-content/plugins/captchinoo-captcha-for-login-form-protection/js/custom.js?ver=

HTML / DOM Fingerprints

CSS Classes

cap_free_ver_rowGoogle_reCAPTHA_row

Data Attributes

cap_free_ver_custom_data

FAQ