wpvulndb | Bob Matyas | WPVDB-ID: 6E09E922-983C-4406-8053-747D839995D1
History: Apr 19, 2024 - 12:00 a.m.

reCAPTCHA Jetpack <= 0.2.2 - Stored XSS via CSRF

2024-04-19 00:00:00
Bob Matyas
wpscan.com
4
recaptcha jetpack
csrf
sanitization
stored xss
admin
plugin
update attack

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

Description: The plugin does not perform CSRF (nonce) checks in some places and is also missing sanitisation on input and escaping on output. An attacker can therefore trick a logged-in admin into submitting a request that stores an XSS payload in the plugin's settings, which is then rendered unescaped on the front end (Stored XSS via CSRF).

PoC

This requires Jetpack to be installed and a page/post with a Jetpack Contact Form.

1. Add a post/page containing a Jetpack Contact Form shortcode:

[contact-form][contact-field label="Name" type="name" required="true" /][contact-field label="Email" type="email" required="true" /][contact-field label="Message" type="textarea" /][/contact-form]

2. Once there is a form using Jetpack, make a logged-in admin open an HTML document containing:

3. View the post/page containing the form and see the XSS.
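As an added illustration of the bug class this advisory describes (a settings handler with no nonce check, no input sanitisation and no output escaping) next to its hardened form. This is example code written for this page, not code from the reCAPTCHA Jetpack plugin; the plugin slug example-captcha, the option name example_captcha_site_key, the admin-post action and the field names are all assumed, and the WordPress functions used (check_admin_referer, wp_nonce_field, sanitize_text_field, esc_attr, etc.) are the stock core APIs.

```php
<?php
// Illustrative example only; NOT the reCAPTCHA Jetpack plugin's code.
// Hypothetical plugin slug "example-captcha"; option/action/field names are assumed.

// ---------- Weak pattern: the class of bug the advisory describes ----------
// Any POST to admin-post.php?action=example_captcha_save is accepted from any
// origin, so a page the admin merely visits can auto-submit a form here (CSRF).
function example_captcha_save_weak() {
    // No capability check, no nonce check, raw $_POST written straight to the DB.
    update_option( 'example_captcha_site_key', $_POST['site_key'] );
    wp_safe_redirect( admin_url( 'options-general.php?page=example-captcha' ) );
    exit;
}

function example_captcha_render_weak() {
    $key = get_option( 'example_captcha_site_key', '' );
    // Unescaped echo into an attribute: a stored value such as
    // "><script>...</script> breaks out of the attribute and executes
    // for every visitor of the page that prints it (Stored XSS).
    echo '<input type="text" name="site_key" value="' . $key . '">';
}

// ---------- Hardened pattern ----------
function example_captcha_save_hardened() {
    // 1. Authorisation: only users who may manage options can save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: the nonce must match the one emitted by wp_nonce_field() in the
    //    render function. check_admin_referer() dies with HTTP 403 if the nonce
    //    is absent or invalid, so a cross-site auto-submitted form never reaches
    //    update_option() (the attacker cannot read the admin's nonce).
    check_admin_referer( 'example_captcha_save', 'example_captcha_nonce' );

    // 3. Sanitise on input: unslash, then strip tags, octets and line breaks.
    $site_key = isset( $_POST['site_key'] )
        ? sanitize_text_field( wp_unslash( $_POST['site_key'] ) )
        : '';
    update_option( 'example_captcha_site_key', $site_key );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-captcha' ) );
    exit;
}

function example_captcha_render_hardened() {
    $key = get_option( 'example_captcha_site_key', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_captcha_save">
        <?php wp_nonce_field( 'example_captcha_save', 'example_captcha_nonce' ); ?>
        <!-- 4. Escape on output, for the context the value lands in.
             esc_attr() for attributes; use esc_html() for text nodes and
             wp_json_encode() when the value is embedded in inline JavaScript,
             e.g. where a front-end form script receives the site key. -->
        <input type="text" name="site_key" value="<?php echo esc_attr( $key ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Route the admin-post action to the hardened handler only.
add_action( 'admin_post_example_captcha_save', 'example_captcha_save_hardened' );
```

Sanitisation and escaping are distinct controls and both are needed: sanitize_text_field() limits what is stored, while esc_attr() protects the specific HTML context at print time (the stored value may be printed in several contexts, including the front-end Jetpack form where this advisory's payload fires). The nonce check is what removes the CSRF vector; without it, sanitisation alone would still let an attacker change the admin's settings.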
