WP-Safety

Kitgenix CAPTCHA for Cloudflare Turnstile Security & Risk Analysis

wordpress.org/plugins/kitgenix-captcha-for-cloudflare-turnstile

Add Cloudflare Turnstile to WordPress, WooCommerce, Elementor, and popular form plugins. Privacy-first spam protection with server-side verification.

300 active installs v1.0.17 PHP 8.1+ WP 6.0+ Updated Feb 19, 2026
anti-spamcaptchacloudflareturnstilewoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Kitgenix CAPTCHA for Cloudflare Turnstile Safe to Use in 2026?

Generally Safe

Score 100/100

Kitgenix CAPTCHA for Cloudflare Turnstile has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The kitgenix-captcha-for-cloudflare-turnstile plugin v1.0.17 demonstrates a generally good security posture with no known CVEs and strong practices regarding SQL query sanitization and capability checks. The static analysis reveals no critical or high severity taint flows, and importantly, all identified entry points (shortcodes) lack direct authentication checks, which is a potential concern as these could be triggered by unauthenticated users. However, the absence of AJAX handlers and REST API routes without permission callbacks mitigates this risk to some extent. A significant area for improvement lies in output escaping, where only 38% of outputs are properly escaped, indicating a moderate risk of Cross-Site Scripting (XSS) vulnerabilities, particularly if user-supplied data is involved in rendering content within the shortcode outputs. The plugin's clean vulnerability history is a positive sign, suggesting a proactive approach to security by the developers, but the output escaping weakness needs attention.

Key Concerns

  • Unescaped output detected
  • Shortcodes lack explicit authentication checks
Vulnerabilities
None known

Kitgenix CAPTCHA for Cloudflare Turnstile Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Kitgenix CAPTCHA for Cloudflare Turnstile Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
278
174 escaped
Nonce Checks
3
Capability Checks
8
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

38% escaped452 total outputs
Data Flows
All sanitized

Data Flow Analysis

1 flows
<class-turnstile-validator> (includes\core\class-turnstile-validator.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Kitgenix CAPTCHA for Cloudflare Turnstile Attack Surface

Entry Points4
Unprotected0

Shortcodes 4

[kitgenix_turnstile] includes\integrations\forms\contact-form-7.php:75
[kitgenix_turnstile] includes\integrations\forms\forminator-forms.php:79
[kitgenix_turnstile] includes\integrations\forms\forminator-forms.php:152
[kitgenix_turnstile] includes\integrations\forms\jetpack-forms.php:79
WordPress Hooks 83
actionedd_purchase_form_before_submitincludes\integrations\ecommerce\class-easy-digital-downloads.php:33
actionedd_checkout_error_checksincludes\integrations\ecommerce\class-easy-digital-downloads.php:36
filteredd_login_formincludes\integrations\ecommerce\class-easy-digital-downloads.php:42
actionedd_process_login_formincludes\integrations\ecommerce\class-easy-digital-downloads.php:43
actionedd_register_fields_afterincludes\integrations\ecommerce\class-easy-digital-downloads.php:48
actionedd_process_register_formincludes\integrations\ecommerce\class-easy-digital-downloads.php:49
actionedd_profile_editor_after_password_fieldsincludes\integrations\ecommerce\class-easy-digital-downloads.php:57
actionedd_pre_update_user_profileincludes\integrations\ecommerce\class-easy-digital-downloads.php:58
filterrender_block_woocommerce/checkout-actions-blockincludes\integrations\ecommerce\class-woocommerce-blocks.php:22
filterrest_authentication_errorsincludes\integrations\ecommerce\class-woocommerce-blocks.php:25
actionwoocommerce_store_api_checkout_update_order_from_requestincludes\integrations\ecommerce\class-woocommerce-blocks.php:28
actionwoocommerce_review_order_before_submitincludes\integrations\ecommerce\class-woocommerce.php:33
actionwoocommerce_checkout_processincludes\integrations\ecommerce\class-woocommerce.php:34
actionwoocommerce_after_checkout_validationincludes\integrations\ecommerce\class-woocommerce.php:35
actionwoocommerce_login_formincludes\integrations\ecommerce\class-woocommerce.php:40
filterwoocommerce_process_login_errorsincludes\integrations\ecommerce\class-woocommerce.php:43
filterwoocommerce_login_errorsincludes\integrations\ecommerce\class-woocommerce.php:44
actionwoocommerce_register_formincludes\integrations\ecommerce\class-woocommerce.php:49
actionwoocommerce_register_postincludes\integrations\ecommerce\class-woocommerce.php:50
actionwoocommerce_lostpassword_formincludes\integrations\ecommerce\class-woocommerce.php:56
actionwoocommerce_resetpassword_formincludes\integrations\ecommerce\class-woocommerce.php:60
actionwoocommerce_reset_password_formincludes\integrations\ecommerce\class-woocommerce.php:61
actionwoocommerce_reset_password_validationincludes\integrations\ecommerce\class-woocommerce.php:64
filterrender_block_woocommerce/checkout-actions-blockincludes\integrations\ecommerce\class-woocommerce.php:72
filterrest_request_before_callbacksincludes\integrations\ecommerce\class-woocommerce.php:79
filterwpcf7_form_elementsincludes\integrations\forms\contact-form-7.php:32
filterwpcf7_form_elementsincludes\integrations\forms\contact-form-7.php:41
filterwpcf7_validateincludes\integrations\forms\contact-form-7.php:44
filterfluentform_rendering_field_dataincludes\integrations\forms\fluent-forms.php:30
filterfluentform_rendering_field_dataincludes\integrations\forms\fluent-forms.php:36
actionfluentform/render_item_submit_buttonincludes\integrations\forms\fluent-forms.php:40
filterfluentform_submit_validationincludes\integrations\forms\fluent-forms.php:43
filterfrm_submit_button_htmlincludes\integrations\forms\formidable-forms.php:30
actionfrm_validate_entryincludes\integrations\forms\formidable-forms.php:33
filterforminator_render_form_submit_markupincludes\integrations\forms\forminator-forms.php:33
filterforminator_custom_form_submit_errorsincludes\integrations\forms\forminator-forms.php:36
filtergform_submit_buttonincludes\integrations\forms\gravity-forms.php:29
filtergform_validationincludes\integrations\forms\gravity-forms.php:32
actionjet-form-builder/after-start-form-rowincludes\integrations\forms\jetformbuilder.php:39
actionjet-form-builder/form-handler/before-sendincludes\integrations\forms\jetformbuilder.php:43
filterjetpack_contact_form_htmlincludes\integrations\forms\jetpack-forms.php:29
filterjetpack_contact_form_is_spamincludes\integrations\forms\jetpack-forms.php:32
filterkadence_blocks_form_submit_button_htmlincludes\integrations\forms\kadence-forms.php:30
filterkadence_blocks_form_pre_processincludes\integrations\forms\kadence-forms.php:33
filterwpforms_display_fieldsincludes\integrations\forms\wpforms.php:33
actionwpforms_display_after_fieldsincludes\integrations\forms\wpforms.php:38
actionwpforms_display_submit_beforeincludes\integrations\forms\wpforms.php:39
actionwpforms_processincludes\integrations\forms\wpforms.php:42
actionbbp_theme_before_topic_form_submit_wrapperincludes\integrations\forums\bbpress.php:53
actionbbp_theme_before_reply_form_submit_wrapperincludes\integrations\forums\bbpress.php:54
actionbbp_theme_before_topic_form_submit_buttonincludes\integrations\forums\bbpress.php:56
actionbbp_theme_before_reply_form_submit_buttonincludes\integrations\forums\bbpress.php:57
actionbbp_theme_after_topic_formincludes\integrations\forums\bbpress.php:59
actionbbp_theme_after_reply_formincludes\integrations\forums\bbpress.php:60
actionbbp_theme_before_forum_form_submit_wrapperincludes\integrations\forums\bbpress.php:64
actionbbp_theme_after_forum_formincludes\integrations\forums\bbpress.php:65
actionbbp_new_topic_pre_extrasincludes\integrations\forums\bbpress.php:68
actionbbp_new_reply_pre_extrasincludes\integrations\forums\bbpress.php:69
actionbbp_new_forum_pre_extrasincludes\integrations\forums\bbpress.php:72
actionbbp_new_forum_pre_insertincludes\integrations\forums\bbpress.php:73
actionbp_before_registration_submit_buttonsincludes\integrations\forums\buddypress.php:26
actionbp_before_activity_post_formincludes\integrations\forums\buddypress.php:31
actionbp_actionsincludes\integrations\forums\buddypress.php:34
actionelementor_pro/forms/render_form_after_fieldsincludes\integrations\page-builder\class-elementor.php:42
actionelementor_pro/forms/validationincludes\integrations\page-builder\class-elementor.php:45
actionwp_enqueue_scriptsincludes\integrations\page-builder\class-elementor.php:48
actionwp_footerincludes\integrations\page-builder\class-elementor.php:51
actionlogin_formincludes\integrations\wordpress\class-wp-core.php:36
actionregister_formincludes\integrations\wordpress\class-wp-core.php:39
actionlostpassword_formincludes\integrations\wordpress\class-wp-core.php:42
actionresetpass_formincludes\integrations\wordpress\class-wp-core.php:44
filtercomment_form_submit_fieldincludes\integrations\wordpress\class-wp-core.php:51
filterauthenticateincludes\integrations\wordpress\class-wp-core.php:56
filterregistration_errorsincludes\integrations\wordpress\class-wp-core.php:59
actionlostpassword_postincludes\integrations\wordpress\class-wp-core.php:62
actionvalidate_password_resetincludes\integrations\wordpress\class-wp-core.php:63
filterpreprocess_commentincludes\integrations\wordpress\class-wp-core.php:66
actionadmin_headkitgenix-captcha-for-cloudflare-turnstile.php:75
actionadmin_menukitgenix-captcha-for-cloudflare-turnstile.php:94
actionadmin_enqueue_scriptskitgenix-captcha-for-cloudflare-turnstile.php:465
actionplugins_loadedkitgenix-captcha-for-cloudflare-turnstile.php:512
actionadmin_noticeskitgenix-captcha-for-cloudflare-turnstile.php:521
actionadmin_initkitgenix-captcha-for-cloudflare-turnstile.php:558
Maintenance & Trust

Kitgenix CAPTCHA for Cloudflare Turnstile Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 19, 2026
PHP min version8.1
Downloads2K

Community Trust

Rating100/100
Number of ratings5
Active installs300
Alternatives

Kitgenix CAPTCHA for Cloudflare Turnstile Alternatives

Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor

Easy Spam Filter – Privacy-Friendly CAPTCHA Alternative with Turnstile for Contact Form 7, WPForms, BuddyPress, Elementor

wppool-turnstile-captcha-spam-filter

A
100

Add Cloudflare Turnstile to WordPress, Contact Form 7, WooCommerce, WPForms, BuddyPress & Elementor. A CAPTCHA, reCAPTCHA alternative for WordPress.

1K No CVEs
BWG CF Turnstile

BWG CF Turnstile

bwg-cf-turnstile

A
100

Add Cloudflare Turnstile protection to your Gravity Forms to prevent spam and bot submissions.

20 No CVEs
CubeMage Login Guard

CubeMage Login Guard

cubemage-login-guard

A
100

Integrates Cloudflare Turnstile, Limits Login Attempts, and Disables XML-RPC to protect WordPress forms.

0 No CVEs
Smart CAPTCHA Alternative with Cloudflare Turnstile

Smart CAPTCHA Alternative with Cloudflare Turnstile

smart-captcha-alternative-with-cloudflare-turnstile

A
100

Protect WordPress forms from spam using Cloudflare Turnstile. A privacy-friendly CAPTCHA alternative.

0 No CVEs
CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

A
99

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE
Developer Profile

Kitgenix CAPTCHA for Cloudflare Turnstile Developer Profile

Kitgenix

5 plugins · 310 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Kitgenix CAPTCHA for Cloudflare Turnstile

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kitgenix-captcha-for-cloudflare-turnstile/assets/css/kitgenix-captcha-admin.css/wp-content/plugins/kitgenix-captcha-for-cloudflare-turnstile/assets/js/kitgenix-captcha-admin.js/wp-content/plugins/kitgenix-captcha-for-cloudflare-turnstile/assets/js/kitgenix-captcha-frontend.js
Script Paths
/wp-content/plugins/kitgenix-captcha-for-cloudflare-turnstile/assets/js/kitgenix-captcha-admin.js/wp-content/plugins/kitgenix-captcha-for-cloudflare-turnstile/assets/js/kitgenix-captcha-frontend.js
Version Parameters
kitgenix-captcha-for-cloudflare-turnstile/assets/css/kitgenix-captcha-admin.css?ver=kitgenix-captcha-for-cloudflare-turnstile/assets/js/kitgenix-captcha-admin.js?ver=kitgenix-captcha-for-cloudflare-turnstile/assets/js/kitgenix-captcha-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
kitgenix-captcha-settings-sectionkitgenix-captcha-settings-fieldkitgenix-captcha-field-labelkitgenix-captcha-field-inputkitgenix-captcha-field-descriptionkitgenix-captcha-field-wrapperkitgenix-captcha-submit-buttonkitgenix-captcha-status-message+1 more
HTML Comments
<!-- Kitgenix CAPTCHA Settings --><!-- End Kitgenix CAPTCHA Settings --><!-- Kitgenix Turnstile Widget Container --><!-- End Kitgenix Turnstile Widget Container -->
Data Attributes
data-kitgenix-captcha-sitekeydata-kitgenix-captcha-themedata-kitgenix-captcha-actiondata-kitgenix-captcha-callbackdata-kitgenix-captcha-expired-callback
JS Globals
window.kitgenixCaptchaSettingswindow.kitgenixCaptchaRender
REST Endpoints
/wp-json/kitgenix-captcha/v1/settings/wp-json/kitgenix-captcha/v1/verify
Shortcode Output
[kitgenix_captcha_turnstile]
FAQ

Frequently Asked Questions about Kitgenix CAPTCHA for Cloudflare Turnstile