WP Advanced Math Captcha Security & Risk Analysis

wordpress.org/plugins/wp-advanced-math-captcha

Protect your WordPress site with a powerful and user-friendly Math Captcha. Now with seamless WooCommerce, WPForms, and Formidable Forms integration!

7K active installs · v2.1.9 · PHP + WP 4.0+ · Updated Nov 16, 2025
Tags: antispam, captcha, contact-form-7, security, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WP Advanced Math Captcha Safe to Use in 2026?

Generally Safe

Score 100/100

WP Advanced Math Captcha has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

Static analysis of the wp-advanced-math-captcha plugin v2.1.9 indicates a generally strong security posture. The plugin has no known CVEs and a clean vulnerability history, which suggests a mature and well-maintained codebase. The analysis does, however, flag some areas of concern. None of the SQL queries use prepared statements, which could lead to SQL injection if the input is not rigorously sanitized elsewhere. Only 44% of output is properly escaped, potentially exposing the site to Cross-Site Scripting (XSS). The taint analysis also found flows with unsanitized paths; although none are classified as critical or high severity, they warrant attention because they could be an avenue for path traversal or file inclusion attacks under specific circumstances.

Despite these identified code-level risks, the plugin has a very limited attack surface and a good number of capability checks and nonce checks, suggesting an awareness of common security practices. The vulnerability history, being entirely clear, is a strong positive indicator. The main weaknesses lie in the direct use of SQL and the insufficient output escaping. A balanced conclusion is that while the plugin has a good track record and a contained attack surface, developers should prioritize addressing the SQL query and output escaping issues to further harden the plugin's security.

Key Concerns

  • SQL queries not using prepared statements
  • Insufficient output escaping (44% proper)
  • Taint flows with unsanitized paths
Vulnerabilities
None known

WP Advanced Math Captcha Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

WP Advanced Math Captcha Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2; 0 prepared
  • Unescaped Output: 50; 39 escaped
  • Nonce Checks: 3
  • Capability Checks: 10
  • File Operations: 27
  • External Requests: 2
  • Bundled Libraries: 0

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

44% escaped · 89 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

4 flows · 2 with unsanitized paths
mc_general_pro_support (includes\class-settings.php:1286)
[Data flow diagram; legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface

WP Advanced Math Captcha Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes 1

[cf7ic-demo1] includes\integrations\wpforms.php:33
WordPress Hooks 70
action admin_bar_menu includes\advert-test-codes.php:44
action admin_menu includes\advert-test-codes.php:45
action admin_post_advrec_hide_recommendation includes\advert-test-codes.php:46
action admin_post_advrec_show_recommendation includes\advert-test-codes.php:47
action admin_post_advrec_install_plugin includes\advert-test-codes.php:48
action admin_head includes\advert-test-codes.php:49
action admin_notices includes\advert-test-codes.php:50
action plugins_loaded includes\advert-test-codes.php:905
action plugins_loaded includes\class-cookie-session.php:17
action wpforms_process_before includes\class-core.php:65
action init includes\class-core.php:66
action plugins_loaded includes\class-core.php:67
action admin_init includes\class-core.php:68
action admin_init includes\class-core.php:69
filter shake_error_codes includes\class-core.php:72
filter mod_rewrite_rules includes\class-core.php:73
action comment_form_after_fields includes\class-core.php:218
action comment_form_logged_in_after includes\class-core.php:233
filter preprocess_comment includes\class-core.php:236
action register_form includes\class-core.php:252
action register_post includes\class-core.php:253
action signup_extra_fields includes\class-core.php:254
filter wpmu_validate_user_signup includes\class-core.php:255
action lostpassword_form includes\class-core.php:271
action lostpassword_post includes\class-core.php:272
action login_form includes\class-core.php:288
filter login_redirect includes\class-core.php:289
filter authenticate includes\class-core.php:290
action bbp_theme_after_reply_form_content includes\class-core.php:306
action bbp_theme_after_topic_form_content includes\class-core.php:307
action bbp_new_reply_pre_extras includes\class-core.php:308
action bbp_new_topic_pre_extras includes\class-core.php:309
action woocommerce_login_form includes\class-core.php:325
action authenticate includes\class-core.php:326
action woocommerce_register_form includes\class-core.php:342
action woocommerce_register_post includes\class-core.php:343
action woocommerce_lostpassword_form includes\class-core.php:359
action lostpassword_post includes\class-core.php:360
action woocommerce_review_order_before_payment includes\class-core.php:377
filter render_block_woocommerce/checkout-payment-block includes\class-core.php:378
action woocommerce_checkout_process includes\class-core.php:380
action woocommerce_store_api_checkout_update_order_from_request includes\class-core.php:381
action woocommerce_loaded includes\class-core.php:382
action wpforms_display_submit_before includes\class-core.php:398
action frm_submit_button includes\class-core.php:414
filter frm_validate_entry includes\class-core.php:415
filter allow_password_reset includes\class-core.php:645
filter login_errors includes\class-core.php:647
action init includes\class-settings.php:16
action admin_init includes\class-settings.php:17
action admin_menu includes\class-settings.php:18
action init includes\class-update.php:12
action init includes\integrations\contact-form-7.php:7
filter wpcf7_validate_mathcaptcha includes\integrations\contact-form-7.php:49
filter wpcf7_messages includes\integrations\contact-form-7.php:98
action wpcf7_admin_notices includes\integrations\contact-form-7.php:121
action admin_init includes\integrations\contact-form-7.php:142
action wpforms_display_submit_before includes\integrations\wpforms.php:10
action wpforms_process_before includes\integrations\wpforms.php:26
action init includes\integrations\wpforms.php:28
action wp_enqueue_scripts wp-math-captcha.php:36
action init wp-math-captcha.php:37
action plugins_loaded wp-math-captcha.php:133
action admin_enqueue_scripts wp-math-captcha.php:134
action wp_enqueue_scripts wp-math-captcha.php:135
action login_enqueue_scripts wp-math-captcha.php:136
action admin_bar_menu wp-math-captcha.php:138
filter plugin_action_links wp-math-captcha.php:142
filter plugin_row_meta wp-math-captcha.php:143
filter cron_schedules wp-math-captcha.php:145

Scheduled Events 1

math_GEO_cron_event
Maintenance & Trust

WP Advanced Math Captcha Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 16, 2025
PHP min version
Downloads: 66K

Community Trust

Rating: 92/100
Number of ratings: 17
Active installs: 7K
Developer Profile

WP Advanced Math Captcha Developer Profile

CaptchaMaster

1 plugin · 7K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WP Advanced Math Captcha

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-advanced-math-captcha/js/wmc.js
Script Paths
/wp-content/plugins/wp-advanced-math-captcha/js/wmc.js
Version Parameters
wp-advanced-math-captcha/js/wmc.js?ver=

HTML / DOM Fingerprints

JS Globals
wmc_ajax_url
FAQ

Frequently Asked Questions about WP Advanced Math Captcha