Description
WordPress Plugin Captcha contains a backdoor. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin Captcha versions starting from 4.3.6 and up to, and including 4.4.4 are vulnerable.
Remediation
Update to plugin version 4.4.5 or latest
References
https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/
Related Vulnerabilities
OpenSSL Out-of-bounds Read Vulnerability (CVE-2004-0112)
MySQL CVE-2019-2529 Vulnerability (CVE-2019-2529)
WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Request Forgery (1.7.8)
Atlassian Jira Deserialization of Untrusted Data Vulnerability (CVE-2020-14172)
MySQL Improper Input Validation Vulnerability (CVE-2012-5614)