What the vulnerability does
Description
The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-3940
CVE-2024-3940: reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
CVSS base score
—
Key dates
Disclosure timeline
May 10, 2024
CVE published
March 24, 2025
Record updated
