Logical Captcha Security & Risk Analysis

wordpress.org/plugins/logical-captcha

Integrates a logic captcha to verify that the registrant is a human and not a spam bot instead of using distorted images or audio.

10 active installs · v1.0.3 · PHP + WP 2.7.1+ · Updated Aug 24, 2009
Tags: captcha, register, registration, spam, users
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Logical Captcha Safe to Use in 2026?

Generally Safe

Score 85/100

Logical Captcha has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 16yr ago
Risk Assessment

The "logical-captcha" v1.0.3 plugin exhibits a generally strong security posture based on the static analysis provided. It effectively minimizes its attack surface, with no exposed AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, it demonstrates good practice by not utilizing dangerous functions or performing file operations and external HTTP requests. The use of prepared statements for all SQL queries is a significant strength, mitigating common SQL injection risks. However, a critical concern arises from the fact that 100% of the observed output is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis also reveals two flows with unsanitized paths, which, while not classified as critical or high severity in this report, warrant attention due to the lack of sanitization. The plugin's vulnerability history is clean, with no recorded CVEs, which is positive but does not negate the risks identified in the static analysis. While the plugin has strengths in its limited attack surface and SQL handling, the lack of output escaping represents a substantial security weakness that requires immediate remediation.

Key Concerns

  • Output not properly escaped
  • Flows with unsanitized paths
Vulnerabilities
None known

Logical Captcha Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Logical Captcha Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 5 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
logical_captcha_options (logical-captcha.php:101)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

Logical Captcha Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3
action register_form (logical-captcha.php:33)
action register_post (logical-captcha.php:34)
action admin_menu (logical-captcha.php:35)
Maintenance & Trust

Logical Captcha Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.8.4
Last updated: Aug 24, 2009
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Logical Captcha Developer Profile

lioncourt

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Logical Captcha

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Shortcode Output
<p>You must answer the following question to proceed.</p> <p><input type="text" name="logical_answer" title="The Answer" size="20" />
FAQ

Frequently Asked Questions about Logical Captcha