Does R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile) have any unpatched vulnerabilities?

No. All known vulnerabilities in R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile) have been patched as of the latest data update. Always keep the plugin updated to the latest version.

R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile) Security & Risk Analysis

wordpress.org/plugins/r2k-captcha

Protect your WordPress website from spam and abuse with R2K Security Captcha. This plugin offers powerful security by integrating with two of the most …

30 active installs v1.0.3 PHP 8.0+ WP 6.0+ Updated Dec 16, 2025

captcharecaptcharecaptcha-enterprisesecuresecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile) Safe to Use in 2026?

Generally Safe

Score 100/100

R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The r2k-captcha plugin, version 1.0.3, exhibits a generally strong security posture based on the provided static analysis. The plugin correctly implements nonce checks on all identified AJAX entry points, and its SQL queries are exclusively performed using prepared statements, which significantly mitigates the risk of SQL injection vulnerabilities. Furthermore, the high percentage of properly escaped output suggests good practices in preventing cross-site scripting (XSS) attacks. The absence of any recorded vulnerabilities in its history further contributes to a positive security assessment.

Key Concerns

No capability checks on AJAX handlers
External HTTP requests present

Vulnerabilities

None known

R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile) Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

104 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

94% escaped111 total outputs

Attack Surface

R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile) Attack Surface

Entry Points4

Unprotected0

AJAX Handlers 4

authwp_ajax_r2k_captcha_save_optionsr2k-captcha.php:228

authwp_ajax_r2k_captcha_validate_keysr2k-captcha.php:229

authwp_ajax_r2k_captcha_update_user_noticer2k-captcha.php:230

authwp_ajax_r2k_captcha_get_ipr2k-captcha.php:231

WordPress Hooks 21

actionadmin_menur2k-captcha.php:183

actionadmin_enqueue_scriptsr2k-captcha.php:184

actionadmin_noticesr2k-captcha.php:185

actionadmin_enqueue_scriptsr2k-captcha.php:186

actionlogin_enqueue_scriptsr2k-captcha.php:193

actionlogin_formr2k-captcha.php:194

filterauthenticater2k-captcha.php:196

actionlogin_enqueue_scriptsr2k-captcha.php:202

actionresetpass_formr2k-captcha.php:203

actionlostpassword_formr2k-captcha.php:204

actionvalidate_password_resetr2k-captcha.php:206

filterallow_password_resetr2k-captcha.php:207

actionlogin_enqueue_scriptsr2k-captcha.php:213

actionregister_formr2k-captcha.php:214

filterregistration_errorsr2k-captcha.php:216

actionlogin_formr2k-captcha.php:221

actionresetpass_formr2k-captcha.php:222

actionlostpassword_formr2k-captcha.php:223

actionregister_formr2k-captcha.php:224

filterwp_mail_content_typer2k-captcha.php:1061

actionplugins_loadedr2k-captcha.php:1580

Maintenance & Trust

R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile) Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedDec 16, 2025

PHP min version8.0

Downloads241

Community Trust

Rating0/100

Number of ratings0

Active installs30

Alternatives

R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile) Alternatives

Protect Ai Login

protect-ai-login

Change default login site to a custom URL, block spam, bot registration, and brute-force using Google reCAPTCHA.

10 No CVEs

reCaptcha by BestWebSoft

google-captcha

Protect WordPress website forms from spam entries with Google reCAPTCHA.

100K 3 CVEs

Login No Captcha reCAPTCHA

Adds a Google No Captcha ReCaptcha checkbox to your Wordpress and Woocommerce login, forgot password, and user registration pages.

60K 1 CVE

Login Security Captcha

100

Secure WordPress login, registration, and comment form with Google reCAPTCHA or Cloudflare Turnstile. Prevent Brute-force attacks and more.

10K No CVEs

ReCaptcha Integration for WordPress

wp-recaptcha-integration

reCaptcha for login, signup, comment forms, Ninja Forms and woocommerce.

10K 2 CVEs

Developer Profile

R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile) Developer Profile

systemsrtk

3 plugins · 150 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect R2K Security Captcha (for reCAPTCHA Enterprise & Cloudflare Turnstile)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/r2k-captcha/assets/css/admin.css/wp-content/plugins/r2k-captcha/assets/css/notice.css/wp-content/plugins/r2k-captcha/assets/js/admin.js/wp-content/plugins/r2k-captcha/assets/js/frontend.js

Script Paths

https://www.google.com/recaptcha/enterprise.jshttps://challenges.cloudflare.com/turnstile/v0/api.js

Version Parameters

r2k-captcha/assets/css/admin.css?ver=r2k-captcha/assets/css/notice.css?ver=r2k-captcha/assets/js/admin.js?ver=r2k-captcha/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

r2k-captcha-notice-warningr2k-captcha-notice-errorr2k-captcha-wrapper

Data Attributes

data-sitekeydata-actiondata-callback

JS Globals

r2k_captcha_settings

FAQ