WordPress SI CAPTCHA Anti-Spam Plugin Cross Site Scripting Vulnerability

Summary
This host is installed with WordPress SI CAPTCHA Anti-Spam Plugin and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attacker to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Impact Level: Application
Solution
No solution or patch is available as of 9th February, 2015. Information regarding this issue will be updated once the solution details are available. For updates refer to http://wordpress.org/plugins/si-captcha-for-wordpress
Insight
Input passed to si-captcha-for-wordpress/captcha-secureimage/test/index.php script via the URL is not validated before returning it to users.
Affected
WordPress SI CAPTCHA Anti-Spam plugin version 2.7.4
Detection
Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.
References