WP-Safety

SecureGate Captcha Lite Security & Risk Analysis

wordpress.org/plugins/securegate-captcha-lite

Complete site security with Cloudflare Turnstile, Math & Character CAPTCHA. High-performance protection for Login, Registration, and Comment forms.

0 active installs v1.0.1 PHP 7.4+ WP 5.8+ Updated Unknown
brute-force-protectioncaptchasecurityspam-protectionturnstile
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is SecureGate Captcha Lite Safe to Use in 2026?

Generally Safe

Score 100/100

SecureGate Captcha Lite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The securegate-captcha-lite plugin v1.0.1 presents a mixed security posture. On the positive side, the plugin demonstrates good practices in output escaping, with 98% of outputs being properly handled, and it does not appear to bundle any outdated libraries. Furthermore, the absence of known CVEs and a clean vulnerability history are encouraging indicators of past security diligence. However, there are notable concerns. The presence of four AJAX handlers, one of which lacks authentication checks, creates a potential entry point for unauthorized actions. The code also utilizes SQL queries without prepared statements, which can be a significant risk for SQL injection vulnerabilities if user-supplied data is not meticulously handled elsewhere. While taint analysis shows no current critical or high severity flows, the lack of analysis or the absence of findings doesn't guarantee complete safety, especially when coupled with raw SQL queries.

Overall, the plugin has strengths in output sanitization and a clean vulnerability track record. Nevertheless, the unprotected AJAX handler and the use of non-prepared SQL statements introduce specific, addressable risks. The limited attack surface and lack of other common vulnerability patterns are positive, but the identified weaknesses should be prioritized for remediation to ensure a robust security profile.

Key Concerns

  • Unprotected AJAX handler
  • SQL queries without prepared statements
Vulnerabilities
None known

SecureGate Captcha Lite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SecureGate Captcha Lite Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
0 prepared
Unescaped Output
3
181 escaped
Nonce Checks
6
Capability Checks
8
File Operations
0
External Requests
1
Bundled Libraries
0

SQL Query Safety

0% prepared4 total queries

Output Escaping

98% escaped184 total outputs
Attack Surface
1 unprotected

SecureGate Captcha Lite Attack Surface

Entry Points4
Unprotected1

AJAX Handlers 4

authwp_ajax_securegate_dismiss_review_noticeincludes\class-admin-settings.php:81
authwp_ajax_securegate_dismiss_dashboard_noticeincludes\class-admin-settings.php:83
authwp_ajax_securegate_test_captchaincludes\class-core.php:211
authwp_ajax_securegate_clear_logsincludes\class-core.php:215
WordPress Hooks 32
actionadmin_menuincludes\class-admin-settings.php:76
actionadmin_initincludes\class-admin-settings.php:77
actionadmin_noticesincludes\class-admin-settings.php:78
actionadmin_noticesincludes\class-admin-settings.php:79
actionadmin_enqueue_scriptsincludes\class-admin-settings.php:80
actionadmin_noticesincludes\class-admin-settings.php:82
actionwp_enqueue_scriptsincludes\class-core.php:196
actionlogin_enqueue_scriptsincludes\class-core.php:197
actionadmin_enqueue_scriptsincludes\class-core.php:198
filterbody_classincludes\class-core.php:201
actionupdate_option_securegate_captcha_settingsincludes\class-core.php:204
actionlogin_initincludes\class-core.php:207
actioninitincludes\class-core.php:221
actionwp_enqueue_scriptsincludes\class-core.php:224
actionadmin_initincludes\class-core.php:227
actionlogin_formincludes\class-wordpress.php:76
filterauthenticateincludes\class-wordpress.php:77
actionregister_formincludes\class-wordpress.php:87
filterregistration_errorsincludes\class-wordpress.php:88
actionlostpassword_formincludes\class-wordpress.php:98
actionlostpassword_postincludes\class-wordpress.php:102
filterlogin_errorsincludes\class-wordpress.php:111
actioncomment_form_after_fieldsincludes\class-wordpress.php:116
actioncomment_form_logged_in_afterincludes\class-wordpress.php:120
filterpreprocess_commentincludes\class-wordpress.php:124
actionadmin_noticessecuregate-captcha-lite.php:51
actionadmin_noticessecuregate-captcha-lite.php:94
actionplugins_loadedsecuregate-captcha-lite.php:111
actionadmin_initsecuregate-captcha-lite.php:137
actionadmin_noticessecuregate-captcha-lite.php:154
filterplugin_row_metasecuregate-captcha-lite.php:319
actionbefore_woocommerce_initsecuregate-captcha-lite.php:324
Maintenance & Trust

SecureGate Captcha Lite Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedUnknown
PHP min version7.4
Downloads160

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

SecureGate Captcha Lite Alternatives

Bot Protection with Turnstile

Bot Protection with Turnstile

bot-protection-turnstile

A
100

A lightweight plugin that protects core WordPress forms and selected third‑party plugins from spam and bot attacks using Cloudflare Turnstile CAPTCHA.

70 No CVEs
CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

A
99

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE
Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms

Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms

captcha-bws

A
99

1 The Ultimate Spam Protection Plugin Using Captcha for WordPress Forms.

10K 2 CVEs
DoLogin Security

DoLogin Security

dologin

A
98

Easy Login. 2FA login. Passwordless login. Cloudflare Turnstile reCAPTCHA. GeoLocation (Continent/Country/City)/IP range to limit login attempts.

7K 4 CVEs
Cartpauj Register Captcha

Cartpauj Register Captcha

cartpauj-register-captcha

A
100

Cartpauj Register Captcha does one simple task. It prevents SPAM signups through WordPress' default registration form.

1K 1 CVE
Developer Profile

SecureGate Captcha Lite Developer Profile

R.Sabbir

3 plugins · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect SecureGate Captcha Lite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/securegate-captcha-lite/assets/css/sg-captcha-lite-admin.css/wp-content/plugins/securegate-captcha-lite/assets/css/sg-captcha-lite-frontend.css/wp-content/plugins/securegate-captcha-lite/assets/js/sg-captcha-lite-admin.js/wp-content/plugins/securegate-captcha-lite/assets/js/sg-captcha-lite-frontend.js
Script Paths
/wp-content/plugins/securegate-captcha-lite/assets/js/sg-captcha-lite-frontend.js
Version Parameters
securegate-captcha-lite/assets/css/sg-captcha-lite-admin.css?ver=securegate-captcha-lite/assets/css/sg-captcha-lite-frontend.css?ver=securegate-captcha-lite/assets/js/sg-captcha-lite-admin.js?ver=securegate-captcha-lite/assets/js/sg-captcha-lite-frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
sg-captcha-lite-admin-notice-wrapper
HTML Comments
<!-- SecureGate Captcha Lite: Admin Notice --><!-- SecureGate Captcha Lite: Frontend CAPTCHA --><!-- SecureGate Captcha Lite: End Frontend CAPTCHA -->
Data Attributes
data-sgcaptcha-lite-form-iddata-sgcaptcha-lite-provider
JS Globals
sgCaptchaLiteFrontend
FAQ

Frequently Asked Questions about SecureGate Captcha Lite