Does WP Light Captcha have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Light Captcha compatible with WordPress 4.4.34?

According to WordPress.org data, WP Light Captcha 2.0 has been tested up to WordPress 4.4.34. Check the plugin's changelog for the latest compatibility information.

How often is WP Light Captcha updated?

WP Light Captcha was last updated on Aug 13, 2016. Frequent updates are generally a positive security signal.

What is WP Light Captcha's security score?

WP Light Captcha has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Light Captcha Security & Risk Analysis

wordpress.org/plugins/wp-light-captcha

WP Light Captcha is very simple and lightweight captcha plugins for your WordPress site.You can protect unwanted login request from hackers.

20 active installs v2.0 PHP + WP 3.0+ Updated Aug 13, 2016

simple-captchawordpress-math-captchawp-light-captcha

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Light Captcha Safe to Use in 2026?

Generally Safe

Score 85/100

WP Light Captcha has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The "wp-light-captcha" v2.0 plugin presents a mixed security posture. On the positive side, static analysis shows a commendably small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, there are no dangerous functions or file operations, and all SQL queries are properly prepared. The absence of known CVEs in its history is also a strong indicator of a secure past.

However, significant concerns arise from the output escaping analysis. With 100% of its identified outputs being unescaped, the plugin is highly vulnerable to cross-site scripting (XSS) attacks. Any data displayed by the plugin that originates from user input or external sources could be exploited to inject malicious scripts. The complete lack of capability checks and nonce checks, while seemingly a consequence of the limited attack surface, also means that even if new entry points were introduced, they might not have adequate protection mechanisms.

In conclusion, while the plugin has a clean history and a small attack surface, the critical flaw in output escaping introduces a substantial risk of XSS vulnerabilities. Developers should prioritize addressing this issue to ensure user data and site integrity are protected.

Key Concerns

0% output escaping
0 nonce checks
0 capability checks

Vulnerabilities

None known

WP Light Captcha Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP Light Captcha Release Timeline

v1.0.1

Code Analysis

Analyzed Apr 16, 2026

WP Light Captcha Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped4 total outputs

Attack Surface

WP Light Captcha Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionwp_enqueue_scriptswp-light-captcha.php:18

actionlogin_formwp-light-captcha.php:21

actionwp_authenticate_userwp-light-captcha.php:40

actioncomment_formwp-light-captcha.php:59

filterpreprocess_commentwp-light-captcha.php:73

Maintenance & Trust

WP Light Captcha Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34

Last updatedAug 13, 2016

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

WP Light Captcha Alternatives

WM Simple Captcha

wm-simple-captcha

Captcha image for registration page, customize according to your theme.

100 No CVEs

NF Captcha

nf-captcha

NF Captcha adds Really Simple CAPTCHA element for human check.

10 No CVEs

Really Simple CAPTCHA for Buddypress

really-simple-captcha-for-buddypress

This plugin integrates Really Simple Captcha to the Buddypress registration page.

10 No CVEs

Developer Profile

WP Light Captcha Developer Profile

Harun

2 plugins · 920 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Light Captcha

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp-light-captcha/css/style.css

Version Parameters

wp-light-captcha/css/style.css?ver=

HTML / DOM Fingerprints

CSS Classes

wplc_user_answerwplc_comment_user_answer

Data Attributes

name="wplc_a"id="wplc_user_answer"name="wplc_user_answer"id="wplc_comment_user_answer"name="wplc_comment_user_answer"

Shortcode Output

<input type="hidden" name="wplc_a" value="<input type="text" id="wplc_user_answer" name="wplc_user_answer" placeholder="Put Answer" required="required"><p><strong>Captcha:</strong> <input type="hidden" name="wplc_a" value="

FAQ