Description

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js() function. This allows administrators on multisite installations (who do not have the unfiltered_html capability) to inject arbitrary JavaScript that executes for all visitors to the WordPress login page.

INFO

Published Date :

2026-04-23T06:00:09.102Z

Last Modified :

2026-04-23T15:50:03.992Z

Source :

WPScan
AFFECTED PRODUCTS

The following products are affected by CVE-2026-4512 vulnerability.

Vendors Products
Webdesignby
  • Recaptcha By Webdesignby
Wordpress
  • Wordpress
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-4512.

URL Resource
https://wpscan.com/vulnerability/6dfb4378-fe6a-4462-af10-8e7504e3d593/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact