WP-Safety

ReCaptcha Integration for WordPress Security & Risk Analysis

wordpress.org/plugins/wp-recaptcha-integration

reCaptcha for login, signup, comment forms, Ninja Forms and woocommerce.

10K active installs v1.2.8 PHP 5.4+ WP 3.8+ Updated Oct 29, 2025
captchaloginno-captcharecaptchasecurity
99
A · Safe
CVEs total2
Unpatched0
Last CVENov 1, 2024
Plugin page Download
Safety Verdict

Is ReCaptcha Integration for WordPress Safe to Use in 2026?

Generally Safe

Score 99/100

ReCaptcha Integration for WordPress has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

2 known CVEsLast CVE: Nov 1, 2024Updated 6mo ago
Risk Assessment

The 'wp-recaptcha-integration' plugin v1.2.8 exhibits a generally positive security posture, with no critical or high-severity vulnerabilities identified in its recent history and a clean taint analysis. The code adheres to good practices by utilizing prepared statements for all SQL queries and performing a reasonable number of capability checks and nonce checks on its entry points. The attack surface is limited, and all identified AJAX handlers appear to have authentication checks, which is a strong indicator of a secure design for user-facing interactions. However, the plugin's history of two medium-severity Cross-Site Scripting (XSS) vulnerabilities, with the latest occurring in November 2024, remains a concern. While currently unpatched vulnerabilities are zero, this recurring pattern suggests a potential for XSS flaws to emerge, possibly due to insufficient output escaping in certain contexts (84% is good, but not perfect). The presence of file operations and external HTTP requests, while not inherently insecure, warrants attention as potential vectors if not handled with strict sanitization and validation.

Key Concerns

  • Recurring medium severity XSS vulnerabilities
  • 84% of output escaping is not 100%
Vulnerabilities
2 published

ReCaptcha Integration for WordPress Security Vulnerabilities

CVEs by Year

2 CVEs in 2024
2024
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2024-8739medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ReCaptcha Integration for WordPress <= 1.2.5 - Reflected Cross-Site Scripting

Nov 1, 2024 Patched in 1.2.6 (1d)
CVE-2024-37946medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ReCaptcha Integration for WordPress <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jul 10, 2024 Patched in 1.2.8 (478d)
Version History

ReCaptcha Integration for WordPress Release Timeline

v1.3.0
v1.2.8Current
v1.2.71 CVE
CVE-2024-37946
v1.2.61 CVE
CVE-2024-37946
v1.2.52 CVEs
CVE-2024-8739 CVE-2024-37946
v1.2.42 CVEs
CVE-2024-8739 CVE-2024-37946
v1.2.32 CVEs
CVE-2024-8739 CVE-2024-37946
v1.2.22 CVEs
CVE-2024-8739 CVE-2024-37946
v1.2.12 CVEs
CVE-2024-8739 CVE-2024-37946
v1.2.02 CVEs
CVE-2024-8739 CVE-2024-37946
v1.1.102 CVEs
CVE-2024-8739 CVE-2024-37946
v1.1.92 CVEs
CVE-2024-8739 CVE-2024-37946
v1.1.82 CVEs
CVE-2024-8739 CVE-2024-37946
v1.1.72 CVEs
CVE-2024-8739 CVE-2024-37946
v1.1.62 CVEs
CVE-2024-8739 CVE-2024-37946
v1.1.52 CVEs
CVE-2024-8739 CVE-2024-37946
v1.1.42 CVEs
CVE-2024-8739 CVE-2024-37946
v1.1.32 CVEs
CVE-2024-8739 CVE-2024-37946
v1.1.22 CVEs
CVE-2024-8739 CVE-2024-37946
v1.1.12 CVEs
CVE-2024-8739 CVE-2024-37946
Code Analysis
Analyzed Mar 16, 2026

ReCaptcha Integration for WordPress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
17
92 escaped
Nonce Checks
4
Capability Checks
2
File Operations
1
External Requests
3
Bundled Libraries
0

Output Escaping

84% escaped109 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
process_network_settings (inc\class-wp_recaptcha_options.php:54)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

ReCaptcha Integration for WordPress Attack Surface

Entry Points3
Unprotected0

AJAX Handlers 3

authwp_ajax_recaptcha-init-test-api-keyinc\class-wp_recaptcha_options.php:194
authwp_ajax_recaptcha-test-api-keyinc\class-wp_recaptcha_options.php:195
authwp_ajax_recaptcha-test-verificationinc\class-wp_recaptcha_options.php:196
WordPress Hooks 67
actioninitinc\class-wp_recaptcha.php:71
actionplugins_loadedinc\class-wp_recaptcha.php:72
actionwp_headinc\class-wp_recaptcha.php:124
actionwp_footerinc\class-wp_recaptcha.php:125
actionlogin_headinc\class-wp_recaptcha.php:128
actionlogin_headinc\class-wp_recaptcha.php:129
actionlogin_footerinc\class-wp_recaptcha.php:130
filtercomment_form_submit_buttoninc\class-wp_recaptcha.php:140
filtercomment_form_defaultsinc\class-wp_recaptcha.php:142
actionpre_comment_on_postinc\class-wp_recaptcha.php:145
actionprint_comments_recaptchainc\class-wp_recaptcha.php:147
filtercomments_recaptcha_htmlinc\class-wp_recaptcha.php:148
actionbp_account_details_fieldsinc\class-wp_recaptcha.php:153
actionbp_signup_pre_validateinc\class-wp_recaptcha.php:154
actionregister_forminc\class-wp_recaptcha.php:156
filterregistration_errorsinc\class-wp_recaptcha.php:157
actionsignup_extra_fieldsinc\class-wp_recaptcha.php:160
filterwpmu_validate_user_signupinc\class-wp_recaptcha.php:161
filtersignup_recaptcha_htmlinc\class-wp_recaptcha.php:163
actionlogin_forminc\class-wp_recaptcha.php:167
filterwp_authenticate_userinc\class-wp_recaptcha.php:168
filterlogin_recaptcha_htmlinc\class-wp_recaptcha.php:169
actionlostpassword_forminc\class-wp_recaptcha.php:172
actionlostpassword_postinc\class-wp_recaptcha.php:174
filterlostpassword_recaptcha_htmlinc\class-wp_recaptcha.php:178
filterwp_recaptcha_languageinc\class-wp_recaptcha.php:181
actionrecaptcha_printinc\class-wp_recaptcha.php:183
filterrecaptcha_errorinc\class-wp_recaptcha.php:184
filterrecaptcha_htmlinc\class-wp_recaptcha.php:185
filterrecaptcha_validinc\class-wp_recaptcha.php:187
actioninitinc\class-wp_recaptcha_awesome_support.php:35
actionwpas_after_login_fieldsinc\class-wp_recaptcha_awesome_support.php:54
filterwpas_try_logininc\class-wp_recaptcha_awesome_support.php:55
actionwpas_after_registration_fieldsinc\class-wp_recaptcha_awesome_support.php:59
filterwpas_register_account_errorsinc\class-wp_recaptcha_awesome_support.php:60
actioninitinc\class-wp_recaptcha_bbpress.php:32
actionbbp_theme_before_topic_form_submit_wrapperinc\class-wp_recaptcha_bbpress.php:52
actionbbp_new_topic_pre_extrasinc\class-wp_recaptcha_bbpress.php:53
actionbbp_theme_before_reply_form_submit_wrapperinc\class-wp_recaptcha_bbpress.php:57
filterbbp_new_reply_pre_extrasinc\class-wp_recaptcha_bbpress.php:58
filtercforms2_add_captchainc\class-wp_recaptcha_cforms2.php:32
actioninitinc\class-wp_recaptcha_contactform7.php:32
actioninitinc\class-wp_recaptcha_ninjaforms.php:30
actionadmin_initinc\class-wp_recaptcha_options.php:34
actionadmin_menuinc\class-wp_recaptcha_options.php:35
actionnetwork_admin_menuinc\class-wp_recaptcha_options.php:41
actionpre_update_option_recaptcha_publickeyinc\class-wp_recaptcha_options.php:44
actionpre_update_option_recaptcha_privatekeyinc\class-wp_recaptcha_options.php:45
actionadd_option_recaptcha_publickeyinc\class-wp_recaptcha_options.php:46
actionadd_option_recaptcha_privatekeyinc\class-wp_recaptcha_options.php:47
filterwp_redirectinc\class-wp_recaptcha_options.php:128
filterwp_redirectinc\class-wp_recaptcha_options.php:140
actionadmin_noticesinc\class-wp_recaptcha_options.php:170
filteroption_recaptcha_disable_submitinc\class-wp_recaptcha_options.php:434
actioninitinc\class-wp_recaptcha_woocommerce.php:32
actionwoocommerce_review_order_before_submitinc\class-wp_recaptcha_woocommerce.php:50
actionwoocommerce_checkout_processinc\class-wp_recaptcha_woocommerce.php:51
filterwc_checkout_recaptcha_htmlinc\class-wp_recaptcha_woocommerce.php:52
filterwp_recaptcha_requiredinc\class-wp_recaptcha_woocommerce.php:54
actionwoocommerce_login_forminc\class-wp_recaptcha_woocommerce.php:57
filterwoocommerce_process_login_errorsinc\class-wp_recaptcha_woocommerce.php:58
actionwoocommerce_register_forminc\class-wp_recaptcha_woocommerce.php:66
filterwoocommerce_registration_errorsinc\class-wp_recaptcha_woocommerce.php:71
filterwoocommerce_form_field_recaptchainc\class-wp_recaptcha_woocommerce.php:75
actionwoocommerce_lostpassword_forminc\class-wp_recaptcha_woocommerce.php:80
filterwoocommerce_locate_templateinc\class-wp_recaptcha_woocommerce.php:83
filtersite_transient_update_pluginswp-recaptcha-integration.php:63
Maintenance & Trust

ReCaptcha Integration for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedOct 29, 2025
PHP min version5.4
Downloads296K

Community Trust

Rating88/100
Number of ratings94
Active installs10K
Alternatives

ReCaptcha Integration for WordPress Alternatives

Protect Ai Login

Protect Ai Login

protect-ai-login

A
85

Change default login site to a custom URL, block spam, bot registration, and brute-force using Google reCAPTCHA.

10 No CVEs
Login No Captcha reCAPTCHA

Login No Captcha reCAPTCHA

login-recaptcha

A
85

Adds a Google No Captcha ReCaptcha checkbox to your Wordpress and Woocommerce login, forgot password, and user registration pages.

60K 1 CVE
Login Security Captcha

Login Security Captcha

login-security-recaptcha

A
100

Secure WordPress login, registration, and comment form with Google reCAPTCHA or Cloudflare Turnstile. Prevent Brute-force attacks and more.

10K No CVEs
DoLogin Security

DoLogin Security

dologin

A
98

Easy Login. 2FA login. Passwordless login. Cloudflare Turnstile reCAPTCHA. GeoLocation (Continent/Country/City)/IP range to limit login attempts.

7K 4 CVEs
No CAPTCHA reCAPTCHA

No CAPTCHA reCAPTCHA

no-captcha-recaptcha

A
85

Protect WordPress login, registration, comment and BuddyPress registration forms with Google's No CAPTCHA reCAPTCHA.

5K No CVEs
Developer Profile

ReCaptcha Integration for WordPress Developer Profile

weDevs

20 plugins · 102K total installs

74
trust score
Avg Security Score
93/100
Avg Patch Time
344 days
View full developer profile
Detection Fingerprints

How We Detect ReCaptcha Integration for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-recaptcha-integration/css/admin.css/wp-content/plugins/wp-recaptcha-integration/css/style.css/wp-content/plugins/wp-recaptcha-integration/js/admin.js/wp-content/plugins/wp-recaptcha-integration/js/frontend.js
Script Paths
https://www.google.com/recaptcha/api.js
Version Parameters
wp-recaptcha-integration/css/admin.css?ver=wp-recaptcha-integration/css/style.css?ver=wp-recaptcha-integration/js/admin.js?ver=wp-recaptcha-integration/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-recaptcha-integration
HTML Comments
Copyright 2020 weDevsCopyright 2014 Jörn Lund
Data Attributes
data-sitekeydata-callbackdata-expired-callback
JS Globals
recaptchaCallbackrecaptchaExpiredCallback
FAQ

Frequently Asked Questions about ReCaptcha Integration for WordPress