Does Uber reCaptcha have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Uber reCaptcha compatible with WordPress 6.8.5?

According to WordPress.org data, Uber reCaptcha 1.1.5 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Uber reCaptcha updated?

Uber reCaptcha was last updated on Jul 10, 2025. Frequent updates are generally a positive security signal.

What is Uber reCaptcha's security score?

Uber reCaptcha has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Uber reCaptcha Security & Risk Analysis

wordpress.org/plugins/uber-nocaptcha-recaptcha

This plugin adds the reCaptcha form to the WordPress login form, recover password form, register form and comment form.

1K active installs v1.1.5 PHP + WP 3.9+ Updated Jul 10, 2025

captchacomment-protectionlogin-protectionspamspam-protection

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Uber reCaptcha Safe to Use in 2026?

Generally Safe

Score 100/100

Uber reCaptcha has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago

Risk Assessment

The "uber-nocaptcha-recaptcha" plugin v1.1.5 exhibits a generally strong security posture based on the static analysis. The absence of identified attack surface points like unprotected AJAX handlers, REST API routes, shortcodes, or cron events is a significant positive. Furthermore, the lack of dangerous functions and critical or high severity taint flows suggests a well-written codebase with good input sanitization practices.

However, there are minor areas for improvement. The presence of a single SQL query that is not using prepared statements, while not a critical issue on its own, represents a potential point of vulnerability to SQL injection if the input influencing this query is not meticulously sanitized elsewhere. The external HTTP request should also be monitored for potential vulnerabilities in the external service itself. The plugin's vulnerability history is a significant strength, with no recorded CVEs indicating a track record of secure development.

In conclusion, this plugin appears to be relatively secure, with its primary strength being its limited attack surface and clean vulnerability history. The main area of concern is the single non-prepared SQL query, which, while not demonstrably exploitable with the provided data, is a good practice to address for enhanced security.

Key Concerns

SQL query not using prepared statements

Vulnerabilities

None known

Uber reCaptcha Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Uber reCaptcha Release Timeline

v1.1.5Current

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

Code Analysis

Analyzed Mar 16, 2026

Uber reCaptcha Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

34 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared1 total queries

Output Escaping

79% escaped43 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

2 flows

ncr_save_settings (admin\settings.php:314)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Uber reCaptcha Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 26

actionadmin_menuadmin\settings.php:19

actionadmin_enqueue_scriptsadmin\settings.php:22

actionplugins_loadedincludes\class-ncr-base.php:114

actioninitincludes\class-ncr-captcha-on-comment-form.php:52

actionwp_headincludes\class-ncr-captcha-on-comment-form.php:75

actionwp_headincludes\class-ncr-captcha-on-comment-form.php:76

filtercomment_form_submit_fieldincludes\class-ncr-captcha-on-comment-form.php:80

filterpreprocess_commentincludes\class-ncr-captcha-on-comment-form.php:85

filtercomment_post_redirectincludes\class-ncr-captcha-on-comment-form.php:88

actioninitincludes\class-ncr-captcha-on-login.php:38

actionlogin_enqueue_scriptsincludes\class-ncr-captcha-on-login.php:51

actionlogin_enqueue_scriptsincludes\class-ncr-captcha-on-login.php:54

actionlogin_formincludes\class-ncr-captcha-on-login.php:57

actionwp_authenticate_userincludes\class-ncr-captcha-on-login.php:60

actioninitincludes\class-ncr-captcha-on-register.php:36

actionlogin_enqueue_scriptsincludes\class-ncr-captcha-on-register.php:49

actionlogin_enqueue_scriptsincludes\class-ncr-captcha-on-register.php:52

actionregister_formincludes\class-ncr-captcha-on-register.php:54

actionregistration_errorsincludes\class-ncr-captcha-on-register.php:56

actioninitincludes\class-ncr-captcha-recover-password-form.php:39

actionlogin_enqueue_scriptsincludes\class-ncr-captcha-recover-password-form.php:53

actionlogin_enqueue_scriptsincludes\class-ncr-captcha-recover-password-form.php:56

actionlostpassword_formincludes\class-ncr-captcha-recover-password-form.php:58

actionlostpassword_postincludes\class-ncr-captcha-recover-password-form.php:59

actioninitincludes\helpers\class-ncr-admin-notices.php:31

actionadmin_noticesincludes\helpers\class-ncr-admin-notices.php:40

Maintenance & Trust

Uber reCaptcha Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedJul 10, 2025

PHP min version

Downloads79K

Community Trust

Rating74/100

Number of ratings9

Active installs1K

Alternatives

Uber reCaptcha Alternatives

CF7 Apps – Honeypot, Database, Redirection, Webhook, and Addons for Contact Form 7

contact-form-7-honeypot

100

Addons for Contact Form 7 — Honeypot, Database Entries, Redirection, Spam Protection, Webhooks, ACF integration for Contact Form 7, and more.

300K No CVEs

CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress

advanced-nocaptcha-recaptcha

Use CAPTCHA to stop spam and allow customers & users to interact with your website easily. Block fake accounts and orders. Avoid false positives.

100K 1 CVE

Contact Form 7 Captcha

contact-form-7-simple-recaptcha

Protect your Contact Form 7 forms with Google reCAPTCHA V2, Google reCAPTCHA V3, hCAPTCHA, or Cloudflare Turnstile.

100K 2 CVEs

Captcha by BestWebSoft – Advanced Spam Protection, Math & OCR-Friendly Captcha for Site Forms

captcha-bws

1 The Ultimate Spam Protection Plugin Using Captcha for WordPress Forms.

10K 2 CVEs

SilentShield – Captcha & Anti-Spam for WordPress (CF7, WPForms, Elementor, WooCommerce)

captcha-for-contact-form-7

100

SilentShield – the invisible shield against spam. Spam is the weed of the internet. It clogs your forms, steals your time, and corrupts your data.

10K 1 CVE

Developer Profile

Uber reCaptcha Developer Profile

Razvan Aldea

3 plugins · 3K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Uber reCaptcha

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/uber-nocaptcha-recaptcha/assets/css/back-end-styles.css/wp-content/plugins/uber-nocaptcha-recaptcha/assets/js/recaptcha.js

Script Paths

https://www.google.com/recaptcha/api.js

Version Parameters

uber-nocaptcha-recaptcha/assets/css/back-end-styles.css?ver=uber-nocaptcha-recaptcha/assets/js/recaptcha.js?ver=

HTML / DOM Fingerprints

CSS Classes

g-recaptcha

Data Attributes

data-sitekeydata-callback

JS Globals

grecaptcha

FAQ