{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4512", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2026-03-20T14:28:42.326Z", "datePublished": "2026-04-23T06:00:09.102Z", "dateUpdated": "2026-04-23T15:50:03.992Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-23T06:00:09.102Z"}, "title": "WP reCaptcha by WebDesignBy < 2.0 \u2013 Admin+ Stored XSS", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "reCaptcha by WebDesignBy", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "2.0"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js() function. This allows administrators on multisite installations (who do not have the unfiltered_html capability) to inject arbitrary JavaScript that executes for all visitors to the WordPress login page."}], "references": [{"url": "https://wpscan.com/vulnerability/6dfb4378-fe6a-4462-af10-8e7504e3d593/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Mustafa Ahmed", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T13:02:44.374627Z", "id": "CVE-2026-4512", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T15:50:03.992Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4512", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-23T13:02:44.374627Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T13:02:39.520Z"}}], "cna": {"title": "WP reCaptcha by WebDesignBy < 2.0 \u2013 Admin+ Stored XSS", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Mustafa Ahmed"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "reCaptcha by WebDesignBy", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/6dfb4378-fe6a-4462-af10-8e7504e3d593/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js() function. This allows administrators on multisite installations (who do not have the unfiltered_html capability) to inject arbitrary JavaScript that executes for all visitors to the WordPress login page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-79 Cross-Site Scripting (XSS)"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-04-23T06:00:09.102Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4512", "state": "PUBLISHED", "dateUpdated": "2026-04-23T15:50:03.992Z", "dateReserved": "2026-03-20T14:28:42.326Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2026-04-23T06:00:09.102Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js() function. This allows administrators on multisite installations (who do not have the unfiltered_html capability) to inject arbitrary JavaScript that executes for all visitors to the WordPress login page."}], "id": "CVE-2026-4512", "lastModified": "2026-04-23T18:16:30.190", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-23T07:16:41.933", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/6dfb4378-fe6a-4462-af10-8e7504e3d593/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "reCaptcha by WebDesignBy", "source": "cna", "vendor": "Unknown"}, "product": "recaptcha_by_webdesignby", "vendor": "webdesignby"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-28T14:58:23.377974+00:00", "value": {"mitigation_remediation": ["Upgrade the reCaptcha by WebDesignBy WordPress plugin to version 2.0 or later. ", "If an immediate upgrade is not possible, disable or remove the reCaptcha feature from the login page to eliminate the injected code vector. ", "Conduct a site\u2011wide security review to ensure no residual or alternate JavaScript injections remain and verify that the login page loads only trusted scripts."], "summary": {"action": "Patch Now", "impact": "Stored XSS affecting all visitors to the WordPress login page"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed the reCaptcha by WebDesignBy plugin with a version prior to 2.0, particularly those configured on a multisite network where administrators lack the unfiltered_html capability. Any installation using this plugin and targeting the login page is at risk.", "description_and_impact": "The reCaptcha by WebDesignBy WordPress plugin version 1.x mishandles the Site Key setting, embedding it unescaped into a JavaScript string through the grecaptcha_js() function. This flaw allows a user with administrative privileges on a multisite installation to insert arbitrary JavaScript that is rendered for every visitor to the site\u2019s login page. The injected code runs with the context of the page and can steal session cookies, launch phishing attacks, or redirect users to malicious sites, thereby compromising the confidentiality and integrity of the login process.", "risk_and_exploitability": "The overall CVSS v3.1 score is 3.5, indicating a moderate severity, and the EPSS probability falls below 1%, suggesting that exploitation is unlikely though not impossible. The vulnerability is not listed in the CISA KEV catalog. The attack requires administrator access to the WordPress backend; the attacker injects the malicious payload via the Site Key setting in the plugin configuration. Once injected, the malicious JavaScript executes for all end users accessing the login page, offering a broad exposure surface for credential theft or further social engineering. Because the flaw is confined to a configuration setting and requires elevated privileges, the practical risk is limited to sites with compromised or inadvertently overly permissive admin accounts."}}}}, "created": "2026-04-28T09:26:20.008897+00:00", "updated": "2026-04-28T15:00:14.538136+00:00", "vendors": ["webdesignby", "webdesignby$PRODUCT$recaptcha_by_webdesignby", "wordpress", "wordpress$PRODUCT$wordpress"]}