WP Cryptographp CAPTCHA bypass vulnerability

Mustlive is at it again. This time he has broken the CAPTCHA system of the Cryptographp plugin for WordPress. To quote him:

Statistics at wordpress.org said that this plugin was downloaded 6285 times. And taking into account that this plugin can also be downloaded from other sources, the total number of downloads and sites which use this plugin is much higher. So there are many thousands of sites which are at risk with this plugin.

This captcha is vulnerable to session reusing with constant captcha bypass method. I found this Insufficient Anti-automation hole on 15.11.2007.

No known fix available as yet.
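
The quoted advisory gives no code, so the following is an added, generic illustration of the weakness class it names (a CAPTCHA answer that stays valid for as long as the session does) next to a single-use check; it is not Cryptographp's code. The function names, the `captcha_code` session key and the `$session` array standing in for `$_SESSION` are assumptions made for the example.

```php
<?php
// Added illustration, not Cryptographp's code. All names are hypothetical.
// $session stands in for $_SESSION so the script runs from the PHP CLI.

function issue_captcha(array &$session): string {
    // Constructed 6-character code; a real CAPTCHA would render it as an image.
    $code = strtoupper(bin2hex(random_bytes(3)));
    $session['captcha_code'] = $code;
    return $code;
}

// Weak form: the stored code survives verification, so one solved challenge
// keeps validating for every later request that carries the same session.
function verify_reusable(array &$session, string $answer): bool {
    return isset($session['captcha_code'])
        && hash_equals($session['captcha_code'], strtoupper($answer));
}

// Hardened form: the code is consumed on every attempt, right or wrong,
// so each form submission needs a freshly issued challenge.
function verify_once(array &$session, string $answer): bool {
    $expected = $session['captcha_code'] ?? null;
    unset($session['captcha_code']);            // single use, even on failure
    return is_string($expected) && $answer !== ''
        && hash_equals($expected, strtoupper($answer));
}

// Submit the same solved answer three times against each check.
function replay(callable $verify, int $attempts = 3): array {
    $session = [];
    $code = issue_captcha($session);
    $results = [];
    for ($i = 0; $i < $attempts; $i++) {
        $results[] = $verify($session, $code);
    }
    return $results;
}

echo "reusable check:   ", json_encode(replay('verify_reusable')), "\n";
echo "single-use check: ", json_encode(replay('verify_once')), "\n";
```

A site owner can test any CAPTCHA-protected form the same way: if a second submission with the same session and the same answer is accepted, the challenge is not being invalidated after use.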
