Captcha plugin v2.12-3.8.1 captcha bypass vuln added

2014-03-27 22:49:33 +01:00
parent 48bdf0b2a9
commit d21e475d12
2 changed files with 13 additions and 0 deletions
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -11794,4 +11794,16 @@
    </vulnerability>
  </plugin>

+  <plugin name="captcha">
+    <vulnerability>
+      <title>Captcha 2.12-3.8.1 - captcha bypass</title>
+      <references>
+        <url>http://www.antoine-cervoise.fr/2014/03/27/contournement-du-plugin-captcha-pour-wordpress-v-3-8-1-et-anterieures/</url>
+        <url>https://github.com/cervoise/pentest-scripts/blob/master/web/cms/captcha-bypass/wordpress-plugins/captcha/bypass-3.8.1-and-previous.php</url>
+      </references>
+      <type>BYPASS</type>
+      <fixed_in>3.8.2</fixed_in>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>
--- a/data/vuln.xsd
+++ b/data/vuln.xsd
@@ -40,6 +40,7 @@
      <xs:enumeration value="CSRF"/>
      <xs:enumeration value="SSRF"/>
      <xs:enumeration value="AUTHBYPASS"/>
+      <xs:enumeration value="BYPASS"/>
      <xs:enumeration value="FPD"/>
      <xs:enumeration value="XXE"/>
    </xs:restriction>