Does reCAPTCHA in WP comments form have any unpatched vulnerabilities?

No. All known vulnerabilities in reCAPTCHA in WP comments form have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is reCAPTCHA in WP comments form compatible with WordPress 5.1.22?

According to WordPress.org data, reCAPTCHA in WP comments form 9.1.2 has been tested up to WordPress 5.1.22. Check the plugin's changelog for the latest compatibility information.

How often is reCAPTCHA in WP comments form updated?

reCAPTCHA in WP comments form was last updated on Apr 22, 2019. Frequent updates are generally a positive security signal.

What is reCAPTCHA in WP comments form's security score?

reCAPTCHA in WP comments form has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

reCAPTCHA in WP comments form Security & Risk Analysis

wordpress.org/plugins/recaptcha-in-wp-comments-form

reCAPTCHA in WP comments form is an ANTISPAM tool that adds a Google reCAPTCHA to the comments form and protects your site from the spam robots threat …

9K active installs v9.1.2 PHP + WP 4.0.0+ Updated Apr 22, 2019

antispamantispam-protectioncomments-antispamcomments-recaptcharecaptcha

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is reCAPTCHA in WP comments form Safe to Use in 2026?

Generally Safe

Score 85/100

reCAPTCHA in WP comments form has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The 'recaptcha-in-wp-comments-form' plugin version 9.1.2 exhibits a concerning security posture primarily due to its unprotected entry points. While the plugin demonstrates good practices in its handling of SQL queries, utilizing prepared statements exclusively, and the absence of critical taint flows, the presence of two AJAX handlers without any authentication or capability checks is a significant vulnerability. This opens the door for unauthenticated users to potentially interact with these handlers, leading to unintended actions or information disclosure if further vulnerabilities are present within those handlers.

The static analysis reveals a notable lack of security controls, including zero nonce checks and zero capability checks. Coupled with the low percentage of properly escaped output (1%), this suggests a high risk of cross-site scripting (XSS) vulnerabilities being exploitable through these unprotected AJAX endpoints. The plugin's vulnerability history is currently clean, which is a positive indicator. However, this should not overshadow the immediate risks identified in the code analysis, as a clean history does not guarantee future security or negate existing weaknesses.

Key Concerns

AJAX handlers without auth checks
Lack of nonce checks
Lack of capability checks
Low output escaping (1%)

Vulnerabilities

None known

reCAPTCHA in WP comments form Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

reCAPTCHA in WP comments form Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

127

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

1% escaped128 total outputs

Attack Surface

2 unprotected

reCAPTCHA in WP comments form Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_griwpc_verify_recaptcharecaptcha-in-wp-comments.php:69

noprivwp_ajax_griwpc_verify_recaptcharecaptcha-in-wp-comments.php:70

WordPress Hooks 21

actionadmin_enqueue_scriptsincludes\backend-interface.php:86

actionadmin_enqueue_scriptsincludes\backend-interface.php:87

actionwpincludes\frontend-interface.php:28

actioncomment_form_after_fieldsincludes\frontend-interface.php:45

actionwp_enqueue_scriptsincludes\frontend-interface.php:50

actionadmin_enqueue_scriptsincludes\installation-interface.php:46

actionadmin_enqueue_scriptsincludes\installation-interface.php:47

actionadmin_menuincludes\interfaces.php:54

actionadmin_initincludes\interfaces.php:57

actioncurrent_screenincludes\interfaces.php:60

actionadmin_noticesincludes\interfaces.php:100

actionadmin_enqueue_scriptsincludes\recaptcha.php:28

actionadmin_enqueue_scriptsincludes\recaptcha.php:29

actionwp_enqueue_scriptsincludes\recaptcha.php:37

actionwp_enqueue_scriptsincludes\recaptcha.php:39

filterpre_comment_approvedincludes\recaptcha.php:252

filterpre_comment_approvedincludes\recaptcha.php:256

actioncurrent_screenincludes\settings.php:29

actionadmin_noticesrecaptcha-in-wp-comments.php:59

actionpre_comment_on_postrecaptcha-in-wp-comments.php:66

actionplugins_loadedrecaptcha-in-wp-comments.php:78

Maintenance & Trust

reCAPTCHA in WP comments form Maintenance & Trust

Maintenance Signals

WordPress version tested5.1.22

Last updatedApr 22, 2019

PHP min version

Downloads73K

Community Trust

Rating82/100

Number of ratings20

Active installs9K

Alternatives

reCAPTCHA in WP comments form Alternatives

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE

reCaptcha by BestWebSoft

google-captcha

Protect WordPress website forms from spam entries with Google reCAPTCHA.

100K 3 CVEs

Friendly Captcha for WordPress

friendly-captcha

100

Friendly Captcha is a privacy-first anti-bot solution that protects WordPress website forms from spam and abuse.

9K No CVEs

Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant

gdpr-compliant-recaptcha-for-all-forms

Anti-spam - CAPTCHA that protects all forms against spam and brute-force. Invisible and GDPR-compliant.

4K 1 CVE

GG Infucaptcha reCaptcha for Infusionsoft

gg-infucaptcha-recaptcha-for-infusionsoft

Inserts Google’s new reCAPTCHA into Infusionsoft web forms

40 No CVEs

Developer Profile

reCAPTCHA in WP comments form Developer Profile

jmviade

2 plugins · 9K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect reCAPTCHA in WP comments form

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/recaptcha-in-wp-comments-form/js/backend-interface.js/wp-content/plugins/recaptcha-in-wp-comments-form/js/frontend-interface.js/wp-content/plugins/recaptcha-in-wp-comments-form/js/recaptcha.js/wp-content/plugins/recaptcha-in-wp-comments-form/css/backend-interface.css/wp-content/plugins/recaptcha-in-wp-comments-form/css/frontend-interface.css

Version Parameters

recaptcha-in-wp-comments-form/js/backend-interface.js?ver=recaptcha-in-wp-comments-form/js/frontend-interface.js?ver=recaptcha-in-wp-comments-form/js/recaptcha.js?ver=recaptcha-in-wp-comments-form/css/backend-interface.css?ver=recaptcha-in-wp-comments-form/css/frontend-interface.css?ver=

HTML / DOM Fingerprints

CSS Classes

griwpc-noticegriwpc-installation-form-messagegriwpc-backend-interface

HTML Comments

Data Attributes

data-sitekeydata-callback

JS Globals

grecaptchagriwpbigriwpc_frontend_interface

REST Endpoints

/wp-json/griwpc/v1/verify_recaptcha

FAQ