Pow Captcha Security & Risk Analysis

wordpress.org/plugins/pow-captcha

Adds Pow Captcha verification to forms to prevent spam and bot submissions.

70 active installs · v1.0.22 · PHP 7.4+ · WP 5.0+ · Updated Feb 2, 2026
Tags: captcha, contact-form-7, forms, gravity-forms, security
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Pow Captcha Safe to Use in 2026?

Generally Safe

Score 100/100

Pow Captcha has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The 'pow-captcha' plugin, in version 1.0.22, presents a concerning security posture primarily due to its unprotected entry points. With two AJAX handlers identified and neither having authentication checks, an unauthenticated attacker could potentially interact with these handlers and trigger unintended actions. While the plugin shows good practices by using prepared statements for SQL queries and generally escaping output, the lack of authorization on AJAX endpoints is a significant weakness. The presence of the `unserialize` function, although not directly linked to an exploit in this static analysis, always warrants caution as it can be a vector for code execution if used with untrusted input.

The vulnerability history is clean, with no recorded CVEs. This is a positive sign, suggesting the developers may have a good understanding of secure coding practices or have not yet been targeted. However, this lack of history does not negate the risks identified in the code analysis. The limited attack surface (only two AJAX handlers) is a strength, but its unprotected nature is a critical flaw.

In conclusion, while 'pow-captcha' demonstrates some strengths in secure SQL handling and output escaping, the lack of authorization on its AJAX endpoints is a critical vulnerability. The presence of `unserialize` also adds to the potential risk. The absence of any historical vulnerabilities is encouraging but should not lead to complacency given the present code-level concerns. Prioritizing the addition of authentication and capability checks to the AJAX handlers is essential for improving the plugin's security.

Key Concerns

  • AJAX handlers without auth checks
  • AJAX handlers without capability checks
  • Dangerous function: unserialize
Vulnerabilities
None known

Pow Captcha Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Pow Captcha Release Timeline

v1.0.22 (Current)
v1.0.21
v1.0.20
v1.0.19
v1.0.18
v1.0.17
v1.0.16
Code Analysis
Analyzed Mar 16, 2026

Pow Captcha Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (32 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$data = unserialize($serialized);` (src\FileCache.php:95)

Output Escaping

94% escaped, 34 total outputs
Attack Surface
2 unprotected

Pow Captcha Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

auth: wp_ajax_pow_captcha_get_widget (src\Core.php:41)
nopriv: wp_ajax_pow_captcha_get_widget (src\Core.php:42)

WordPress Hooks 19

action: admin_menu (src\Admin.php:12)
filter: plugin_action_links_pow-captcha/pow-captcha.php (src\Admin.php:13)
action: admin_notices (src\Admin.php:17)
filter: wpcf7_form_elements (src\Modules\ContactForm7.php:17)
action: wp_enqueue_scripts (src\Modules\ContactForm7.php:24)
filter: wpcf7_spam (src\Modules\ContactForm7.php:25)
action: wpcf7_init (src\Modules\ContactForm7.php:26)
filter: gform_form_tag (src\Modules\GravityForms.php:20)
action: gform_enqueue_scripts (src\Modules\GravityForms.php:23)
filter: gform_validation (src\Modules\GravityForms.php:26)
filter: gform_form_settings_fields (src\Modules\GravityForms.php:30)
filter: gform_form_settings (src\Modules\GravityForms.php:32)
filter: gform_pre_form_settings_save (src\Modules\GravityForms.php:35)
action: login_form (src\Modules\Login.php:16)
action: woocommerce_login_form (src\Modules\Login.php:17)
action: login_enqueue_scripts (src\Modules\Login.php:19)
action: wp_enqueue_scripts (src\Modules\Login.php:20)
filter: authenticate (src\Modules\Login.php:21)
action: admin_init (src\Settings.php:12)
Maintenance & Trust

Pow Captcha Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Feb 2, 2026
PHP min version: 7.4
Downloads: 683

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 70
Developer Profile

Pow Captcha Developer Profile

aeyoll

1 plugin · 70 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Pow Captcha

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/pow-captcha/assets/css/pow-captcha-widget.css
  • /wp-content/plugins/pow-captcha/assets/js/pow-captcha.js
  • /wp-content/plugins/pow-captcha/assets/js/pow-captcha-widget.js
Generator Patterns
  • Pow Captcha
Script Paths
  • /wp-content/plugins/pow-captcha/assets/js/pow-captcha.js
  • /wp-content/plugins/pow-captcha/assets/js/pow-captcha-widget.js
Version Parameters
  • pow-captcha/assets/css/pow-captcha-widget.css?ver=
  • pow-captcha/assets/js/pow-captcha.js?ver=
  • pow-captcha/assets/js/pow-captcha-widget.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • pow-captcha-widget-container
  • pow-captcha-widget
HTML Comments
  • <!-- POW CAPTCHA WIDGET START -->
  • <!-- POW CAPTCHA WIDGET END -->
Data Attributes
  • data-pow-captcha-site-key
JS Globals
  • powCaptchaLoad
  • sqrCaptchaInitDone
  • isPowCaptchaLoading
Shortcode Output
<div class="pow-captcha-widget-container" data-pow-captcha-site-key="
FAQ

Frequently Asked Questions about Pow Captcha