WP-Safety

GNA Google reCAPTCHA Security & Risk Analysis

wordpress.org/plugins/gna-google-recaptcha

This plugin allows you to implement Google reCAPTCHA (CAPTCHA) into your web forms.

10 active installs v0.9.8 PHP + WP 3.9+ Updated Sep 5, 2016
antianti-spamanti-spam-securityantispamantispam-security
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is GNA Google reCAPTCHA Safe to Use in 2026?

Generally Safe

Score 85/100

GNA Google reCAPTCHA has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago
Risk Assessment

The gna-google-recaptcha plugin version 0.9.8 demonstrates a generally good security posture with no known historical vulnerabilities or critical static analysis findings. The absence of critical taint flows and dangerous functions is a significant strength. The plugin also correctly utilizes prepared statements for all SQL queries and includes a nonce check. However, concerns arise from the low percentage of properly escaped output, indicating a potential for cross-site scripting (XSS) vulnerabilities. Furthermore, while the attack surface is currently minimal (zero entry points), the lack of capability checks on any potential future entry points is a notable weakness that could be exploited if new functionalities are added without proper authorization checks.

The vulnerability history is clean, which is positive. However, this could also be attributed to the plugin's limited adoption or the lack of thorough security auditing over time. The analysis of flows with unsanitized paths, though not flagged as critical or high severity, warrants attention as it suggests areas where data might be processed without adequate sanitization, potentially leading to unexpected behavior or vulnerabilities under specific conditions if not handled carefully.

Key Concerns

  • Low output escaping percentage
  • No capability checks on entry points
  • Unsanitized paths in taint flows
Vulnerabilities
None known

GNA Google reCAPTCHA Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

GNA Google reCAPTCHA Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
23
2 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

8% escaped25 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths
captcha_verification (inc\gna-captcha-base.php:38)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

GNA Google reCAPTCHA Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
actionadmin_menuadmin\gna-google-recaptcha-admin-init.php:15
actionadmin_initadmin\gna-google-recaptcha-admin-init.php:27
actioninitgna-google-recaptcha-core.php:21
filterplugin_row_metagna-google-recaptcha-core.php:22
actionwp_headinc\gna-captcha-comment.php:11
actioncomment_form_after_fieldsinc\gna-captcha-comment.php:13
actioncomment_form_logged_in_afterinc\gna-captcha-comment.php:14
actionpre_comment_on_postinc\gna-captcha-comment.php:15
actionlogin_enqueue_scriptsinc\gna-captcha-login.php:11
actionlogin_forminc\gna-captcha-login.php:13
actionwp_authenticate_userinc\gna-captcha-login.php:14
actionlogin_enqueue_scriptsinc\gna-captcha-regi.php:11
actionregister_forminc\gna-captcha-regi.php:13
actionregistration_errorsinc\gna-captcha-regi.php:14
actionlogin_enqueue_scriptsinc\gna-captcha-resetpw.php:11
actionlostpassword_forminc\gna-captcha-resetpw.php:13
actionallow_password_resetinc\gna-captcha-resetpw.php:14
Maintenance & Trust

GNA Google reCAPTCHA Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32
Last updatedSep 5, 2016
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

GNA Google reCAPTCHA Alternatives

reCaptcha by BestWebSoft

reCaptcha by BestWebSoft

google-captcha

A
98

Protect WordPress website forms from spam entries with Google reCAPTCHA.

100K 3 CVEs
Akismet Anti-spam: Spam Protection

Akismet Anti-spam: Spam Protection

akismet

A
99

The best anti-spam protection to block spam comments and spam in a contact form. The most trusted antispam solution for WordPress and WooCommerce.

6.0M 2 CVEs
Antispam Bee

Antispam Bee

antispam-bee

A
100

Sophisticated antispam plugin for effective daily comment and trackback spam-fighting. Built with data protection and privacy in mind.

700K 1 CVE
Maspik – Ultimate Spam Protection

Maspik – Ultimate Spam Protection

contact-forms-anti-spam

A
96

No more fake leads or unwanted submissions — Maspik blocks spam instantly across all forms without using CAPTCHA.

30K 8 CVEs
WPBruiser {no- Captcha anti-Spam}

WPBruiser {no- Captcha anti-Spam}

goodbye-captcha

A
85

An extremely powerful antispam plugin that blocks spam-bots without annoying captcha images.

10K No CVEs
Developer Profile

GNA Google reCAPTCHA Developer Profile

Chris Mok

13 plugins · 280 total installs

85
trust score
Avg Security Score
87/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect GNA Google reCAPTCHA

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gna-google-recaptcha/admin/gna-google-recaptcha-admin-style.css/wp-content/plugins/gna-google-recaptcha/inc/gna-captcha-base.css/wp-content/plugins/gna-google-recaptcha/inc/gna-captcha-style.css
Script Paths
https://www.google.com/recaptcha/api.js
Version Parameters
/wp-content/plugins/gna-google-recaptcha/admin/gna-google-recaptcha-admin-style.css?ver=/wp-content/plugins/gna-google-recaptcha/inc/gna-captcha-base.css?ver=/wp-content/plugins/gna-google-recaptcha/inc/gna-captcha-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
g-recaptcha
Data Attributes
data-sitekeydata-theme
JS Globals
g_googlerecaptcha
FAQ

Frequently Asked Questions about GNA Google reCAPTCHA