CVE-2026-4512

UNKNOWN 0.0

WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js() function. This allows administrators on multisite installations (who do not have the unfiltered_html capability) to inject arbitrary JavaScript that executes for all visitors to the WordPress login page.

Vendor	unknown
Product	recaptcha by webdesignby
Published	Apr 23, 2026

Stay Ahead of the Next One

Get instant alerts for unknown recaptcha by webdesignby

Be the first to know when new unknown vulnerabilities affecting unknown recaptcha by webdesignby are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / reCaptcha by WebDesignBy

0 < 2.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/6dfb4378-fe6a-4462-af10-8e7504e3d593/

Credits

Mustafa Ahmed WPScan