Login No Captcha reCAPTCHA Security & Risk Analysis

wordpress.org/plugins/login-recaptcha

Adds a Google No Captcha reCAPTCHA checkbox to your WordPress and WooCommerce login, forgot-password, and user registration pages.

60K active installs · v1.7.3 · PHP + WP 4.6+ · Updated Feb 27, 2024

Tags: google, login, nocaptcha, recaptcha, security

Security score: 85 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Aug 16, 2022
Safety Verdict

Is Login No Captcha reCAPTCHA Safe to Use in 2026?

Generally Safe

Score 85/100

Login No Captcha reCAPTCHA has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Aug 16, 2022 · Updated 2yr ago
Risk Assessment

The login-recaptcha plugin version 1.7.3 exhibits a mixed security posture. On the positive side, static analysis found no unprotected entry points of any kind (no AJAX handlers, REST API routes, shortcodes, or cron events), which keeps the direct attack surface small. Furthermore, all identified SQL queries use prepared statements, the correct practice for preventing SQL injection.

However, several concerning findings emerge from the static analysis. The most critical is that 100% of output is not properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis revealing two flows with unsanitized paths, although not classified as critical or high severity, warrants attention as these could potentially lead to unexpected behavior or further exploitation if not handled correctly. The plugin also makes external HTTP requests, which, while not inherently a vulnerability, can be a vector for certain types of attacks if the target endpoints are compromised or if data is transmitted insecurely.

The vulnerability history shows one past medium-severity CVE related to improper authorization, which was addressed. The fact that there are no currently unpatched vulnerabilities is positive, but the past occurrence of an authorization issue alongside the current lack of capability checks in the code analysis suggests that authorization mechanisms might not be consistently robust. The absence of nonce checks on any potential entry points (though none were identified as unprotected) is also a missed security control that could be relevant if new entry points were introduced or if current ones were implicitly exploitable in ways not immediately obvious from the static analysis.

In conclusion, while the plugin has a limited attack surface and uses prepared statements for SQL, the significant lack of output escaping presents a substantial risk of XSS. The past CVE and current lack of capability checks also highlight potential weaknesses in authorization handling. A thorough review and remediation of unescaped outputs are strongly recommended.

Key Concerns

  • 100% of outputs not properly escaped
  • Taint analysis found 2 unsanitized paths
  • Past medium vulnerability (Improper Authorization)
  • No nonce checks
  • No capability checks

Vulnerabilities: 1

Login No Captcha reCAPTCHA Security Vulnerabilities

CVEs by Year

2022: 1 CVE (patched)

Severity Breakdown

Medium: 1

1 total CVE

CVE-2022-2913 · Medium · 5.3 · Improper Authorization

Login No Captcha reCAPTCHA <= 1.6.11 - CAPTCHA Bypass via Whitelisted IP Address Spoofing

Aug 16, 2022 · Patched in 1.7 (525 days)

Code Analysis
Analyzed Mar 16, 2026

Login No Captcha reCAPTCHA Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 15 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

0% escaped · 15 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths

  • authenticate (login-nocaptcha.php:275)

Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized

Attack Surface

Login No Captcha reCAPTCHA Attack Surface

Entry Points: 0
Unprotected: 0

WordPress Hooks (22)

  • action plugins_loaded (login-nocaptcha.php:21)
  • action admin_menu (login-nocaptcha.php:22)
  • action admin_init (login-nocaptcha.php:23)
  • action admin_notices (login-nocaptcha.php:24)
  • action login_enqueue_scripts (login-nocaptcha.php:31)
  • action admin_enqueue_scripts (login-nocaptcha.php:32)
  • action login_form (login-nocaptcha.php:35)
  • action register_form (login-nocaptcha.php:36)
  • action signup_extra_fields (login-nocaptcha.php:37)
  • action lostpassword_form (login-nocaptcha.php:38)
  • filter registration_errors (login-nocaptcha.php:42)
  • action lostpassword_post (login-nocaptcha.php:43)
  • filter authenticate (login-nocaptcha.php:44)
  • filter shake_error_codes (login-nocaptcha.php:45)
  • action plugins_loaded (login-nocaptcha.php:46)
  • action woocommerce_register_post (login-nocaptcha.php:53)
  • action woocommerce_register_form (login-nocaptcha.php:54)
  • action wp_head (login-nocaptcha.php:61)
  • action woocommerce_login_form (login-nocaptcha.php:62)
  • action woocommerce_lostpassword_form (login-nocaptcha.php:63)
  • action woocommerce_register_post (login-nocaptcha.php:64)
  • action woocommerce_register_form (login-nocaptcha.php:65)

Maintenance & Trust

Login No Captcha reCAPTCHA Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Feb 27, 2024
PHP min version:
Downloads: 1.4M

Community Trust

Rating: 90/100
Number of ratings: 63
Active installs: 60K

Developer Profile

Login No Captcha reCAPTCHA Developer Profile

Robert Peake

3 plugins · 61K total installs

Trust score: 67
Avg Security Score: 83/100
Avg Patch Time: 525 days

Detection Fingerprints

How We Detect Login No Captcha reCAPTCHA

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/login-recaptcha/css/login-recaptcha.css
  • /wp-content/plugins/login-recaptcha/js/login-recaptcha.js

Script Paths
  • https://www.google.com/recaptcha/api.js

Version Parameters
  • /wp-content/plugins/login-recaptcha/css/login-recaptcha.css?ver=
  • /wp-content/plugins/login-recaptcha/js/login-recaptcha.js?ver=

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Login No Captcha reCAPTCHA