Does reCAPTCHA Lite have any unpatched vulnerabilities?

No. All known vulnerabilities in reCAPTCHA Lite have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is reCAPTCHA Lite compatible with WordPress 5.4.19?

According to WordPress.org data, reCAPTCHA Lite 1.0 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

Is reCAPTCHA Lite compatible with PHP 5.6+?

reCAPTCHA Lite requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is reCAPTCHA Lite updated?

reCAPTCHA Lite was last updated on Apr 22, 2020. Frequent updates are generally a positive security signal.

What is reCAPTCHA Lite's security score?

reCAPTCHA Lite has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

reCAPTCHA Lite Security & Risk Analysis

wordpress.org/plugins/recaptcha-lite

Integrate the Google's reCAPTCHA Google's reCAPTCHA v2 Checkbox or v3 into the forms and protect your site from bots, brute-force attacks, s …

100 active installs v1.0 PHP 5.6+ WP 4.4+ Updated Apr 22, 2020

botscaptchagoogleprotectsecure

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is reCAPTCHA Lite Safe to Use in 2026?

Generally Safe

Score 85/100

reCAPTCHA Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The recaptcha-lite v1.0 plugin exhibits a generally good security posture based on the static analysis provided. The absence of identified dangerous functions, SQL queries without prepared statements, file operations, and external HTTP requests (with one exception noted below) are positive indicators. Furthermore, the lack of known CVEs and a clean vulnerability history suggests a mature and well-maintained codebase.

However, there are a few areas that warrant attention. The low percentage of properly escaped output (20%) is a significant concern, as it indicates a potential for cross-site scripting (XSS) vulnerabilities. While the static analysis did not detect any specific taint flows or unsanitized paths, the lack of consistent output escaping leaves the door open for attackers to inject malicious scripts if user-supplied data is not handled carefully before rendering. Additionally, the presence of an external HTTP request without further context about its purpose or security measures is a potential risk, as it could be a vector for other types of attacks.

In conclusion, while recaptcha-lite v1.0 appears to be free of known critical vulnerabilities and demonstrates good practices in areas like SQL handling and attack surface minimization, the lack of robust output escaping and the single external HTTP request present notable weaknesses. Addressing the output escaping issues should be a priority to mitigate XSS risks.

Key Concerns

Low output escaping coverage
Single external HTTP request (unspecified)

Vulnerabilities

None known

reCAPTCHA Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

reCAPTCHA Lite Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

20% escaped10 total outputs

Attack Surface

reCAPTCHA Lite Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

actionwp_loadedsrc\Components\V3.php:41

actiongrl_recaptcha_before_verificationsrc\Components\V3.php:42

filterscript_loader_srcsrc\RecaptchaBase.php:87

actionwp_loadedsrc\RecaptchaBase.php:373

actionwp_enqueue_scriptssrc\RecaptchaBase.php:374

actionlogin_enqueue_scriptssrc\RecaptchaBase.php:375

actionadmin_menusrc\RecaptchaLite.php:43

actionadmin_initsrc\RecaptchaLite.php:44

filterplugin_action_links_recaptcha-lite/recaptcha-lite.phpsrc\RecaptchaLite.php:45

Maintenance & Trust

reCAPTCHA Lite Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedApr 22, 2020

PHP min version5.6

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs100

Alternatives

reCAPTCHA Lite Alternatives

Hostbox Google reCAPTCHA

hostbox-google-recaptcha

100

Simple Google reCAPTCHA (v2 and v3) for WordPress, 100% free, no hidden premium, no catches. Supports WooCommerce and Contact Form 7.

600 No CVEs

Minor Improvements

minor-improvements

Package of several minor improvements. Why to install several plugins? You need this one only.

10 No CVEs

CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

contact-form-7-honeypot

100

Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.

300K No CVEs

Advanced Google reCAPTCHA

advanced-google-recaptcha

Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.

200K 3 CVEs

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE

Developer Profile

reCAPTCHA Lite Developer Profile

Malik Naik

2 plugins · 130 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect reCAPTCHA Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/recaptcha-lite/assets/js/script.js/wp-content/plugins/recaptcha-lite/assets/css/style.css

Script Paths

https://www.google.com/recaptcha/api.js

Version Parameters

recaptcha-lite/assets/js/script.js?ver=recaptcha-lite/assets/css/style.css?ver=

HTML / DOM Fingerprints

Data Attributes

grl_recaptcha

JS Globals