Description
WordPress Plugin SI CAPTCHA Anti-Spam was deliberately modified to inject spam ads for payday loans and such in the WP posts of the web sites running the plugin. WordPress Plugin SI CAPTCHA Anti-Spam versions 3.0.1 and 3.0.2 are affected ONLY.
Remediation
Update to plugin version 3.0.3 or latest
References
https://wordpress.org/support/topic/where-did-the-plugin-go-2/
https://plugins.svn.wordpress.org/si-captcha-for-wordpress/trunk/readme.txt
Related Vulnerabilities
WordPress 4.2.x Same Origin Method Execution (SOME) Vulnerability (4.2 - 4.2.7)
WordPress Plugin WF Cookie Consent Cross-Site Scripting (1.1.3)
e107 Other Vulnerability (CVE-2006-2590)
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12922)
WordPress Plugin Funky Penguin WP-PHPList 'unsubscribeemail' Parameter Cross-Site Scripting (2.10.2)