CWE-804 15 個 CVE MITRE 定義 ↗

CWE-804:Guessable CAPTCHA

概覽

CWE-804(Guessable CAPTCHA)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Web Server Sometimes

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-49953 2026-06-15 Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and p…
CVE-2026-40935 2026-04-21 WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` accepts the CAPTCHA length (`ql`) directly from the query string with no clamping or sanitization, le…
CVE-2025-70129 2026-03-10 If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an …
CVE-2026-27411 2026-03-05 Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9.
CVE-2025-10423 2025-09-15 A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely.…
CVE-2025-8546 2025-08-05 A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects the function adminlogin/login of the component Verification Code Handler. The manipulation lead…
CVE-2025-50850 2025-07-31 An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker to systematica…
CVE-2025-40916 2025-06-16 Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand() function for generating the captcha text as we…
CVE-2025-32036 2025-04-08 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired…
CVE-2025-1262 2025-02-25 The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in …
CVE-2024-31295 2024-05-17 Guessable CAPTCHA vulnerability in BestWebSoft Captcha by BestWebSoft allows Functionality Bypass.This issue affects Captcha by BestWebSoft: from n/a through 5.2.0.
CVE-2024-30540 2024-05-17 Guessable CAPTCHA vulnerability in Guido VS Contact Form allows Functionality Bypass.This issue affects VS Contact Form: from n/a through 14.7.
CVE-2023-6963 2024-02-05 The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to bypass the Captcha V…
CVE-2022-4036 2022-11-29 The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. This is due to the use of insufficiently strong hashing algorithm on the CAP…
CVE-2022-1801 2022-06-20 The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very ea…

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2010-01-15
版本
1.8
評論
New entry to handle anti-automation as identified in WASC.

內容修訂

日期 名稱 版本 重要性 評論
2010-06-21 CWE Content Team 1.9 updated Common_Consequences
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Likelihood_of_Exploit
2020-02-24 CWE Content Team 4.0 updated Relationships
2022-10-13 CWE Content Team 4.9 updated Description, Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Observed_Examples
cvelogic Threat Intelligence