Does Really Simple CAPTCHA for cformsII have any unpatched vulnerabilities?

No. All known vulnerabilities in Really Simple CAPTCHA for cformsII have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Really Simple CAPTCHA for cformsII compatible with WordPress 6.5.8?

According to WordPress.org data, Really Simple CAPTCHA for cformsII 1.4 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

How often is Really Simple CAPTCHA for cformsII updated?

Really Simple CAPTCHA for cformsII was last updated on Apr 13, 2024. Frequent updates are generally a positive security signal.

What is Really Simple CAPTCHA for cformsII's security score?

Really Simple CAPTCHA for cformsII has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Really Simple CAPTCHA for cformsII Security & Risk Analysis

wordpress.org/plugins/cforms2-really-simple-captcha

Beginning with version 14.9.1 cformsII has pluggable captcha support. This plugin makes use of that by providing an implementation for the Really Simp …

300 active installs v1.4 PHP + WP 5.2+ Updated Apr 13, 2024

captchacforms2protectionspamverification

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Really Simple CAPTCHA for cformsII Safe to Use in 2026?

Generally Safe

Score 92/100

Really Simple CAPTCHA for cformsII has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The "cforms2-really-simple-captcha" v1.4 plugin exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. Furthermore, the presence of nonce checks and capability checks on all identified entry points (AJAX handlers) demonstrates good practice in preventing unauthorized access and actions.

However, a minor concern arises from the output escaping. While a majority of outputs are properly escaped, the 33% that are not could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not adequately sanitized before being displayed. The lack of any recorded CVEs or past vulnerabilities is a positive indicator, suggesting a history of responsible development or a lack of attractive targets for attackers. Overall, the plugin appears secure, with the primary area for improvement being more robust output escaping across all outputs.

Key Concerns

Unescaped output exists

Vulnerabilities

None known

Really Simple CAPTCHA for cformsII Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Really Simple CAPTCHA for cformsII Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

67% escaped12 total outputs

Attack Surface

Really Simple CAPTCHA for cformsII Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 2

authwp_ajax_cforms2_rsc_reset_captchacforms2_really_simple_captcha.php:84

noprivwp_ajax_cforms2_rsc_reset_captchacforms2_really_simple_captcha.php:85

WordPress Hooks 4

actionadmin_menucforms2_really_simple_captcha.php:299

actionadmin_initcforms2_really_simple_captcha.php:300

actionadmin_enqueue_scriptscforms2_really_simple_captcha.php:301

actioninitcforms2_really_simple_captcha.php:310

Maintenance & Trust

Really Simple CAPTCHA for cformsII Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedApr 13, 2024

PHP min version

Downloads11K

Community Trust

Rating60/100

Number of ratings2

Active installs300

Alternatives

Really Simple CAPTCHA for cformsII Alternatives

OhmTang CFT

ohmtang-cft

100

Integrate Cloudflare Turnstile CAPTCHA for WordPress & WooCommerce forms with custom error messages, each form controlled individually

0 No CVEs

CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

contact-form-7-honeypot

100

Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.

300K No CVEs

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE

Contact Form 7 Captcha

contact-form-7-simple-recaptcha

Protect your Contact Form 7 forms with Google reCAPTCHA V2, Google reCAPTCHA V3, hCAPTCHA, or Cloudflare Turnstile.

100K 2 CVEs

Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms

captcha-bws

1 The Ultimate Spam Protection Plugin Using Captcha for WordPress Forms.

10K 2 CVEs

Developer Profile

Really Simple CAPTCHA for cformsII Developer Profile

bgermann

2 plugins · 4K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

2487 days

View full developer profile

Detection Fingerprints

How We Detect Really Simple CAPTCHA for cformsII

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cforms2-really-simple-captcha/cforms2_really_simple_captcha.js

Script Paths

/wp-content/plugins/cforms2-really-simple-captcha/cforms2_really_simple_captcha.js

Version Parameters

cforms2_really_simple_captcha/cforms2_really_simple_captcha.js?ver=

HTML / DOM Fingerprints

CSS Classes

cforms2_really_simple_captcha_imgcaptcha-reset

Data Attributes

data-nonce

JS Globals

cforms2_rsc_ajax

REST Endpoints

/wp-json/cforms2-really-simple-captcha/v1/captcha

Shortcode Output

<input type="text" name="captcha" id="

FAQ