MEDIUM
jotis
CVE published 2026-06-24
CVE-2026-10552
The Blue Captcha plugin for WordPress, up to and including version 2.0.1, is vulnerable to Cross-Site Request Forgery (CSRF). This vulnerability stems from missing or incorrect nonce validation on the main admin panel and subpages, such as the Hall of Shame and Log. These pages accept a 'blcap_action' or 'action' parameter from $_REQUEST, which can lead to destructive operations like plugin uninstallation [truncated]