5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack.
wpscan.com/vulnerability/6e09e922-983c-4406-8053-747d839995d1/