From d21e475d129caf1e697e53d7c47595bd85dc0bec Mon Sep 17 00:00:00 2001
From: erwanlr <erwan.lr@gmail.com>
Date: Thu, 27 Mar 2014 22:49:33 +0100
Subject: [PATCH] Captcha plugin v2.12-3.8.1 captcha bypass vuln added

---
 data/plugin_vulns.xml | 12 ++++++++++++
 data/vuln.xsd         |  1 +
 2 files changed, 13 insertions(+)

diff --git a/data/plugin_vulns.xml b/data/plugin_vulns.xml
index fa75cacb..24365f74 100644
--- a/data/plugin_vulns.xml
+++ b/data/plugin_vulns.xml
@@ -11794,4 +11794,16 @@
     </vulnerability>
   </plugin>
 
+  <plugin name="captcha">
+    <vulnerability>
+      <title>Captcha 2.12-3.8.1 - captcha bypass</title>
+      <references>
+        <url>http://www.antoine-cervoise.fr/2014/03/27/contournement-du-plugin-captcha-pour-wordpress-v-3-8-1-et-anterieures/</url>
+        <url>https://github.com/cervoise/pentest-scripts/blob/master/web/cms/captcha-bypass/wordpress-plugins/captcha/bypass-3.8.1-and-previous.php</url>
+      </references>
+      <type>BYPASS</type>
+      <fixed_in>3.8.2</fixed_in>
+    </vulnerability>
+  </plugin>
+
 </vulnerabilities>
diff --git a/data/vuln.xsd b/data/vuln.xsd
index 5d9c0276..40acfde5 100644
--- a/data/vuln.xsd
+++ b/data/vuln.xsd
@@ -40,6 +40,7 @@
       <xs:enumeration value="CSRF"/>
       <xs:enumeration value="SSRF"/>
       <xs:enumeration value="AUTHBYPASS"/>
+      <xs:enumeration value="BYPASS"/>
       <xs:enumeration value="FPD"/>
       <xs:enumeration value="XXE"/>
     </xs:restriction>