CVE-2024-12034

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 24, 2024

CWE ID 340

Summary

CVE-2024-12034 is a vulnerability affecting the Advanced Google reCAPTCHA plugin for WordPress. The flaw, present in all versions up to 1.25, allows unauthenticated attackers to bypass IP blocking functionality. The issue stems from the plugin's use of a weak key when generating unblock requests, making it simple for adversaries to unblock their IP addresses after being locked out due to excessive failed login attempts. This weakness poses a significant risk, as it can enable brute force attacks and other forms of automated hacking against WordPress sites using the vulnerable plugin.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1Kioan
https://www.cve.org/CVERecord?id=CVE-2024-12034
https://nvd.nist.gov/vuln/detail/CVE-2024-12034

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2024-12034

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations