Does wp-login captcha have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is wp-login captcha compatible with WordPress 4.9.29?

According to WordPress.org data, wp-login captcha 1 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is wp-login captcha updated?

wp-login captcha was last updated on Aug 3, 2018. Frequent updates are generally a positive security signal.

What is wp-login captcha's security score?

wp-login captcha has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

wp-login captcha Security & Risk Analysis

wordpress.org/plugins/wplogin-captcha

You want a captcha protected wplogin or wpadmin login? then use this plugin

10 active installs v1 PHP + WP 4+ Updated Aug 3, 2018

captchagoogle-recaptchawp-login-captchawpadmin-captchawplogin-captcha

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is wp-login captcha Safe to Use in 2026?

Generally Safe

Score 85/100

wp-login captcha has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The wplogin-captcha v1 plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by not utilizing dangerous functions, performing all SQL queries with prepared statements, and having no recorded vulnerability history (CVEs). The absence of file operations and external HTTP requests also reduces potential attack vectors. However, a significant concern arises from the static analysis which indicates that 100% of output operations are not properly escaped. This presents a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the plugin's output, which could then be executed in the browsers of other users. Furthermore, the taint analysis revealed two flows with unsanitized paths, although these were not flagged as critical or high severity. While the plugin has no known CVEs and a clean vulnerability history, the unescaped output is a critical weakness that needs immediate attention. The plugin's strengths lie in its database interaction and lack of known exploits, but its failure to escape output represents a direct and exploitable security flaw.

Key Concerns

All outputs are unescaped
Taint flows with unsanitized paths (2)

Vulnerabilities

None known

wp-login captcha Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

wp-login captcha Release Timeline

No version history available.

Code Analysis

Analyzed Apr 16, 2026

wp-login captcha Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped6 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

saving_info (admin/wplogin_captcha_admin.php:52)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

wp-login captcha Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_menuadmin/wplogin_captcha_admin.php:18

actionadmin_noticesadmin/wplogin_captcha_admin.php:21

actionadmin_noticesadmin/wplogin_captcha_admin.php:68

filterauthenticatepublic/wplogin_captcha_public.php:13

actionlogin_formpublic/wplogin_captcha_public.php:15

actionlogin_enqueue_scriptspublic/wplogin_captcha_public.php:17

Maintenance & Trust

wp-login captcha Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedAug 3, 2018

PHP min version

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

wp-login captcha Alternatives

Advanced Google reCAPTCHA

advanced-google-recaptcha

Captcha protection against spam comments & brute force login attacks using Google reCAPTCHA.

200K 3 CVEs

CF7 Google Captcha Load After Page

cf7-google-captcha-load-after-page

This plugins use for your website speed improvement and decrease your page request. When you have used contact form 7 and insert you Google Captcha( v …

2K No CVEs

Power Captcha reCAPTCHA

power-captcha-recaptcha

Protect WordPress/WooCommerce/Contact Form 7 forms from spam, brute-force attacks, fake comments, accounts, or registrations with Google reCAPTCHA.

1K No CVEs

Hostbox Google reCAPTCHA

hostbox-google-recaptcha

100

Simple Google reCAPTCHA (v2 and v3) for WordPress, 100% free, no hidden premium, no catches. Supports WooCommerce and Contact Form 7.

700 No CVEs

reCAPTCHA for Ninja Forms

ninja-forms-recaptcha-field

Adds reCAPTCHA field to Ninja Forms.

700 No CVEs

Developer Profile

wp-login captcha Developer Profile

robertJohnConcepcion

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect wp-login captcha

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wplogin-captcha/js/main.js

Script Paths

https://www.google.com/recaptcha/api.jshttps://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit

HTML / DOM Fingerprints

CSS Classes

g-recaptcha

Data Attributes

data-sitekeydata-badge

JS Globals

o_0

FAQ