What the vulnerability does
01Description
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
What the vulnerability does
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.
Explanation of Vulnerability in Simple Terms
Simple Cloudflare Turnstile versions up to 1.38.0 contain an authentication bypass vulnerability. An attacker can manipulate requests to bypass the Turnstile CAPTCHA verification without user interaction. This allows automated attacks, spam submissions, or unauthorized actions on sites using this plugin. Update to a version newer than 1.38.0 immediately.
What an attacker can do
Bypass Cloudflare Turnstile CAPTCHA verification to submit forms or perform actions without solving the challenge.
Potential impact on your site
Spam, automated attacks, and unauthorized form submissions bypass your CAPTCHA protection.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities