WP-Safety

Ultimate Captcha reCAPTCHA Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/ultimate-captcha

This is a free plugin to protect your WordPress website.

0 active installs v1.0.5 PHP + WP 3.0.1+ Updated Oct 5, 2021
botscaptcharecaptcharegistrationspam-control
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Ultimate Captcha reCAPTCHA Plugin for WordPress Safe to Use in 2026?

Generally Safe

Score 85/100

Ultimate Captcha reCAPTCHA Plugin for WordPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "ultimate-captcha" v1.0.5 plugin presents a mixed security posture. While it demonstrates good practices in terms of SQL query security by exclusively using prepared statements and has no recorded vulnerabilities or CVEs, there are significant areas of concern. The static analysis reveals a notable vulnerability in its attack surface, with one AJAX handler lacking authentication checks. This unprotected entry point could potentially be exploited by unauthenticated users.

Further analysis of the code signals indicates potential issues with output sanitization, as only 33% of outputs are properly escaped. Additionally, the taint analysis shows a high number of flows with unsanitized paths (11 out of 12), though thankfully none reached critical or high severity. This pattern suggests a potential for cross-site scripting (XSS) vulnerabilities if user-supplied data is not properly handled before being displayed. The absence of historical vulnerabilities is a positive sign, suggesting a potentially stable codebase, but this must be considered alongside the identified code weaknesses.

Overall, the plugin has a moderate security risk. The lack of authentication on an AJAX handler and the prevalence of unsanitized output flows are the primary concerns that require attention. The plugin's strength lies in its secure SQL handling and clean vulnerability history. Addressing the identified vulnerabilities and improving output sanitization would significantly enhance its security posture.

Key Concerns

  • Unprotected AJAX handler
  • Low percentage of properly escaped output
  • High number of unsanitized taint flows
Vulnerabilities
None known

Ultimate Captcha reCAPTCHA Plugin for WordPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Ultimate Captcha reCAPTCHA Plugin for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
3 prepared
Unescaped Output
108
52 escaped
Nonce Checks
1
Capability Checks
1
File Operations
2
External Requests
2
Bundled Libraries
0

SQL Query Safety

100% prepared3 total queries

Output Escaping

33% escaped160 total outputs
Data Flows
11 unsanitized

Data Flow Analysis

12 flows11 with unsanitized paths
reload_field_to_edit (classes\ultimatecaptcha.class.php:294)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Ultimate Captcha reCAPTCHA Plugin for WordPress Attack Surface

Entry Points5
Unprotected1

AJAX Handlers 1

authwp_ajax_custom_fields_resetclasses\ultimatecaptcha.class.php:65

Shortcodes 4

[ultimatecaptcha_user_login] classes\ultimatecaptcha.profile.php:2046
[ultimatecaptcha_user_recover_password] classes\ultimatecaptcha.profile.php:2047
[ultimatecaptcha_account] classes\ultimatecaptcha.profile.php:2048
[ultimatecaptcha_user_signup] classes\ultimatecaptcha.profile.php:2049
WordPress Hooks 35
actionadmin_menuaddons\profiles\admin\admin.php:19
actionadmin_enqueue_scriptsaddons\profiles\admin\admin.php:20
actionadmin_headaddons\profiles\admin\admin.php:21
actionadmin_initaddons\profiles\admin\admin.php:22
actionadmin_menuclasses\ultimatecaptcha.class.php:38
actionadmin_headclasses\ultimatecaptcha.class.php:39
actionadmin_initclasses\ultimatecaptcha.class.php:40
actionadmin_initclasses\ultimatecaptcha.class.php:41
actionadmin_enqueue_scriptsclasses\ultimatecaptcha.class.php:43
actionwp_enqueue_scriptsclasses\ultimatecaptcha.class.php:44
actionwp_enqueue_scriptsclasses\ultimatecaptcha.class.php:45
actioniniclasses\ultimatecaptcha.class.php:46
actionplugins_loadedclasses\ultimatecaptcha.class.php:48
actioncomment_form_after_fieldsclasses\ultimatecaptcha.class.php:783
actionlogin_formclasses\ultimatecaptcha.class.php:787
actionregister_formclasses\ultimatecaptcha.class.php:791
actionlostpassword_formclasses\ultimatecaptcha.class.php:795
actionwoocommerce_login_formclasses\ultimatecaptcha.class.php:799
actionwoocommerce_register_formclasses\ultimatecaptcha.class.php:800
actionwoocommerce_lostpassword_formclasses\ultimatecaptcha.class.php:801
actioninitclasses\ultimatecaptcha.class.php:803
actionpreprocess_commentclasses\ultimatecaptcha.class.php:846
actionwp_authenticate_userclasses\ultimatecaptcha.class.php:850
actionregistration_errorsclasses\ultimatecaptcha.class.php:851
actionlostpassword_postclasses\ultimatecaptcha.class.php:852
actionresetpass_postclasses\ultimatecaptcha.class.php:853
actionwoocommerce_register_postclasses\ultimatecaptcha.class.php:855
actionlogin_formclasses\ultimatecaptcha.class.php:958
actionauthenticateclasses\ultimatecaptcha.class.php:962
actioninitclasses\ultimatecaptcha.profile.php:11
actioninitclasses\ultimatecaptcha.profile.php:12
actionwp_enqueue_scriptsclasses\ultimatecaptcha.profile.php:13
actioninitclasses\ultimatecaptcha.profile.php:31
actioninitindex.php:42
actionadmin_initindex.php:63
Maintenance & Trust

Ultimate Captcha reCAPTCHA Plugin for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedOct 5, 2021
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Ultimate Captcha reCAPTCHA Plugin for WordPress Alternatives

Easy WP Members reCaptcha Add-on

Easy WP Members reCaptcha Add-on

easy-wp-members-recaptcha

A
85

This is a free add-on for Easy WP Members Plugin.

10 No CVEs
Users Ultra Pro reCaptcha 3.0 Add-on

Users Ultra Pro reCaptcha 3.0 Add-on

users-ultra-pro-recaptcha

A
85

This is a free add-on for Users Ultra Pro 3.0 Plugin.

10 No CVEs
WP Ticket Ultra reCaptcha Add-on

WP Ticket Ultra reCaptcha Add-on

wp-ticket-ultra-recaptcha

A
100

This is a free add-on for WP Ticket Ultra Plugin.

0 No CVEs
No CAPTCHA reCAPTCHA

No CAPTCHA reCAPTCHA

no-captcha-recaptcha

A
85

Protect WordPress login, registration, comment and BuddyPress registration forms with Google's No CAPTCHA reCAPTCHA.

5K No CVEs
Advanced Google reCAPTCHA

Advanced Google reCAPTCHA

advanced-google-recaptcha

A
98

Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.

200K 3 CVEs
Developer Profile

Ultimate Captcha reCAPTCHA Plugin for WordPress Developer Profile

ExpressTech Systems

21 plugins · 122K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
560 days
View full developer profile
Detection Fingerprints

How We Detect Ultimate Captcha reCAPTCHA Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ultimate-captcha/assets/css/admin.css/wp-content/plugins/ultimate-captcha/assets/js/admin.js
Script Paths
/wp-content/plugins/ultimate-captcha/assets/js/admin.js
Version Parameters
ultimate-captcha/assets/css/admin.css?ver=ultimate-captcha/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
ultimatecaptcha-adminultimatecaptcha-admin-contain
JS Globals
ultimatecaptcha_ajax_urlultimatecaptcha_nonce
FAQ

Frequently Asked Questions about Ultimate Captcha reCAPTCHA Plugin for WordPress