reCAPTCHA for WooCommerce Security & Risk Analysis

wordpress.org/plugins/recaptcha-woo

Add Google reCAPTCHA to your WooCommerce Checkout, Login, and Registration Forms. 100% free!

40K active installs · v1.4.7 · PHP + · WP 4.7+ · Updated Nov 5, 2025
Tags: checkout, protect, recaptcha, spam, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is reCAPTCHA for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

reCAPTCHA for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The recaptcha-woo v1.4.7 plugin exhibits a generally strong security posture, with no known vulnerabilities or critical issues identified in the static analysis. The complete absence of unprotected entry points across AJAX handlers, REST API, shortcodes, and cron events is a significant strength, indicating a well-designed attack surface. Furthermore, the plugin exclusively uses prepared statements for its SQL queries, eliminating the risk of SQL injection vulnerabilities.

However, a notable concern arises from the output escaping, with only 35% of outputs being properly escaped. This suggests a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being rendered in the browser. While the taint analysis did not reveal critical or high severity unsanitized paths, the presence of one unsanitized path warrants attention. The plugin also makes an external HTTP request, which, while not inherently a vulnerability, is a potential vector for information disclosure or man-in-the-middle attacks if not handled securely.

Given the clean vulnerability history and the absence of dangerous functions, the overall risk is currently low. The strengths in attack surface management and SQL handling are commendable. The primary areas for improvement are the inconsistent output escaping and the single unsanitized path identified in the taint analysis. Addressing these would further solidify the plugin's security.

Key Concerns

  • Low output escaping percentage
  • One flow with unsanitized paths
  • External HTTP requests
Vulnerabilities
None known

reCAPTCHA for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

reCAPTCHA for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 60 (32 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Output Escaping

35% escaped · 92 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
rcfwc_recaptcha_check (recaptcha-woo.php:168)
Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

reCAPTCHA for WooCommerce Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 37
action admin_menu admin-options.php:7
action admin_init admin-options.php:14
action update_option_rcfwc_key admin-options.php:36
action update_option_rcfwc_secret admin-options.php:37
action admin_enqueue_scripts admin-options.php:53
action admin_init recaptcha-woo.php:24
action before_woocommerce_init recaptcha-woo.php:34
filter plugin_action_links recaptcha-woo.php:41
action wp_enqueue_scripts recaptcha-woo.php:58
action wp_enqueue_scripts recaptcha-woo.php:64
action login_enqueue_scripts recaptcha-woo.php:73
action login_form recaptcha-woo.php:213
action authenticate recaptcha-woo.php:214
action wp_login recaptcha-woo.php:251
action register_form recaptcha-woo.php:258
action registration_errors recaptcha-woo.php:259
action lostpassword_form recaptcha-woo.php:275
action lostpassword_post recaptcha-woo.php:276
action woocommerce_review_order_before_payment recaptcha-woo.php:294
filter render_block_woocommerce/checkout-payment-block recaptcha-woo.php:295
action woocommerce_review_order_after_payment recaptcha-woo.php:297
filter render_block_woocommerce/checkout-payment-block recaptcha-woo.php:298
action woocommerce_before_checkout_billing_form recaptcha-woo.php:300
filter render_block_woocommerce/checkout-contact-information-block recaptcha-woo.php:301
action woocommerce_after_checkout_billing_form recaptcha-woo.php:303
filter render_block_woocommerce/checkout-shipping-methods-block recaptcha-woo.php:304
action woocommerce_review_order_before_submit recaptcha-woo.php:306
filter render_block_woocommerce/checkout-actions-block recaptcha-woo.php:307
action woocommerce_checkout_process recaptcha-woo.php:309
action woocommerce_store_api_checkout_update_order_from_request recaptcha-woo.php:310
action woocommerce_blocks_loaded recaptcha-woo.php:311
action woocommerce_login_form recaptcha-woo.php:422
action authenticate recaptcha-woo.php:423
action woocommerce_register_form recaptcha-woo.php:446
action woocommerce_register_post recaptcha-woo.php:447
action woocommerce_lostpassword_form recaptcha-woo.php:463
action lostpassword_post recaptcha-woo.php:464
Maintenance & Trust

reCAPTCHA for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 5, 2025
PHP min version
Downloads: 297K

Community Trust

Rating: 92/100
Number of ratings: 73
Active installs: 40K
Developer Profile

reCAPTCHA for WooCommerce Developer Profile

Elliot Sowersby / RelyWP

8 plugins · 146K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 235 days
Detection Fingerprints

How We Detect reCAPTCHA for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/recaptcha-woo/js/rcfwc.js
Script Paths
https://www.google.com/recaptcha/api.js?hl=
Version Parameters
rcfwc-js?ver=

HTML / DOM Fingerprints

CSS Classes
g-recaptcha, g-recaptcha-woo-checkout
Data Attributes
data-sitekey, data-theme, data-callback, data-expired-callback, id="g-recaptcha-woo-checkout"
JS Globals
rcfwcRecaptchaCallback, rcfwcRecaptchaExpired
FAQ

Frequently Asked Questions about reCAPTCHA for WooCommerce