WP-Safety

Invisible reCaptcha for WordPress Security & Risk Analysis

wordpress.org/plugins/invisible-recaptcha

Invisible reCaptcha for WordPress plugin helps you to protect your sites against bad spam bots using the new Invisible reCaptcha by Google.

90K active installs v1.2.3 PHP + WP 4.0+ Updated Apr 7, 2020
contact-form-7-invisible-recaptchainvisible-recaptchawoocommerce-invisible-recaptcha
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Invisible reCaptcha for WordPress Safe to Use in 2026?

Generally Safe

Score 85/100

Invisible reCaptcha for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The static analysis of "invisible-recaptcha" v1.2.3 reveals a mixed security posture. While the plugin demonstrates good practices by having no exposed AJAX handlers, REST API routes, shortcodes, or cron events without proper authentication or permission checks, and no recorded historical vulnerabilities, there are significant concerns within its code signals. The presence of two instances of the dangerous `exec` function is a major red flag, as it can lead to remote code execution if not handled with extreme caution and proper sanitization. Furthermore, the fact that 100% of SQL queries are not using prepared statements is a serious vulnerability, increasing the risk of SQL injection attacks. The relatively low rate of properly escaped output (53%) also suggests potential for cross-site scripting (XSS) vulnerabilities. The lack of any taint analysis results could indicate either a very simple codebase or a limitation in the analysis tool's ability to detect complex data flows, but given the other signals, it should not be seen as confirmation of safety.

Key Concerns

  • Dangerous function 'exec' found
  • Raw SQL queries without prepared statements
  • Low percentage of properly escaped output
Vulnerabilities
None known

Invisible reCaptcha for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Invisible reCaptcha for WordPress Code Analysis

Dangerous Functions
2
Raw SQL Queries
1
0 prepared
Unescaped Output
24
27 escaped
Nonce Checks
1
Capability Checks
1
File Operations
23
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

execexec($cmd, $output, $error);includes\WordPress\Uploader.php:1027
execexec($cmd, $output, $error);includes\WordPress\Uploader.php:1053

SQL Query Safety

0% prepared1 total queries

Output Escaping

53% escaped51 total outputs
Attack Surface

Invisible reCaptcha for WordPress Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 18
actiongoogle_invre_render_widget_actionengine\PublicEngine.php:30
filtergoogle_invre_is_valid_request_filterengine\PublicEngine.php:31
filtergoogle_invre_widget_output_html_filterengine\PublicEngine.php:32
actionlogin_enqueue_scriptsengine\PublicEngine.php:143
actioncurrent_screenincludes\plugin\MchBaseAdminPage.php:49
actioncurrent_screenincludes\plugin\MchBaseAdminPage.php:51
actionadmin_noticesincludes\plugin\MchBaseAdminPage.php:53
actionshutdownincludes\plugin\MchBaseAdminPage.php:278
actionadmin_initincludes\plugin\MchBaseAdminPlugin.php:19
actionadmin_enqueue_scriptsincludes\plugin\MchBaseAdminPlugin.php:23
actionadmin_enqueue_scriptsincludes\plugin\MchBaseAdminPlugin.php:141
actioninitincludes\plugin\MchBasePlugin.php:26
actionwp_enqueue_scriptsincludes\plugin\MchBasePublicPlugin.php:18
actionafter_setup_themeincludes\plugin\MchBasePublicPlugin.php:19
filtercron_schedulesincludes\task-scheduler\MchGdbcWpTaskScheduler.php:34
actioninitincludes\WordPress\Routing\Router.php:27
actionparse_requestincludes\WordPress\Routing\Router.php:29
actionwp_loadedincludes\WordPress\Routing\Router.php:31
Maintenance & Trust

Invisible reCaptcha for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19
Last updatedApr 7, 2020
PHP min version
Downloads858K

Community Trust

Rating86/100
Number of ratings133
Active installs90K
Alternatives

Invisible reCaptcha for WordPress Alternatives

CF7 Invisible reCAPTCHA

CF7 Invisible reCAPTCHA

cf7-invisible-recaptcha

B
84

CF7 Invisible reCAPTCHA plugin is an effective solution that secures your Contact form 7 forms on WordPress websites from spam entries while letting h …

7K 2 CVEs
Invisible Anti Spam for Contact Form 7 (Simple No-Bot)

Invisible Anti Spam for Contact Form 7 (Simple No-Bot)

simple-no-bot

A
85

Simple, lightweight, no captcha, no configuration. Just works.

200 No CVEs
Developer Profile

Invisible reCaptcha for WordPress Developer Profile

MihChe

2 plugins · 100K total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Invisible reCaptcha for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/invisible-recaptcha/assets/admin/styles/invisible-recaptcha.css
Script Paths
https://www.google.com/recaptcha/api.js
Version Parameters
invisible-recaptcha/assets/admin/styles/invisible-recaptcha.css?ver=

HTML / DOM Fingerprints

CSS Classes
g-recaptcha
Data Attributes
data-sitekeydata-sizedata-badge
JS Globals
renderInvisibleReCaptchagrecaptcha
FAQ

Frequently Asked Questions about Invisible reCaptcha for WordPress