CVE-2024-3940: reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF
Description
The reCAPTCHA Jetpack WordPress plugin through 0.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Classification
CVE ID: CVE-2024-3940
Problem Types
CWE-352 Cross-Site Request Forgery (CSRF)Affected Products
Vendor: Unknown
Product: reCAPTCHA Jetpack
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.12% (probability of being exploited)
EPSS Percentile: 31.54% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: poc
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-3940https://wpscan.com/vulnerability/bb0245e5-8e94-4f11-9003-d6208945056c/