• todditron

    (@todditron)


    We are struggling to block spam which seems to bypass both the challenge question and reCaptcha.

    We did notice that the challenge response answer appears right in the source code injected in usp_core-js-before:

    <script type="text/javascript" id="usp_core-js-before">

    /* <![CDATA[ */ var usp_custom_field = ""; var usp_custom_field_2 = ""; var usp_custom_checkbox = ""; var usp_case_sensitivity = "false"; var usp_challenge_response = "challenge-response-should-not-appear-here"; var usp_min_images = 0; var usp_max_images = 6; var usp_parsley_error = "Incorrect response."; var usp_multiple_cats = 0; var usp_existing_tags = 0; var usp_recaptcha_disp = "show"; var usp_recaptcha_vers = "2"; var usp_recaptcha_key = "6LfjFVoUAAAAAOqsig7Zv8Ucb1NrehpwPakVj0a9"; /* ]]> */
    </script>

    That may or may not be the reason spam is getting through, but anyone tailoring a bot to this plugin would be able to solve that pretty easily? That challenge response answer should never appear client side, and should only be used server side.
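
A regression check for the exposure reported above, added here as an example (it is not code from the plugin or from either poster): it parses a rendered page and reports any sensitive `usp_*` variable that carries a non-empty value in the `usp_core-js-before` inline script. The sample markup is constructed from the snippet in the post with a placeholder site key; the extra name patterns and the "fixed" page are assumptions.

```python
import re
from html.parser import HTMLParser

# Names whose values must stay server-side. "challenge_response" is from the
# post; the other two patterns are assumptions added for illustration.
SENSITIVE = re.compile(r"challenge_response|answer|secret", re.I)
ASSIGN = re.compile(r'var\s+(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;]+);')

class InlineScripts(HTMLParser):
    """Collect the text of each <script> element, keyed by its id attribute."""
    def __init__(self):
        super().__init__()
        self.scripts = {}
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._current = dict(attrs).get("id") or ""
            self.scripts.setdefault(self._current, "")

    def handle_endtag(self, tag):
        if tag == "script":
            self._current = None

    def handle_data(self, data):
        if self._current is not None:
            self.scripts[self._current] += data

def leaked_values(html, script_id="usp_core-js-before"):
    """Return {name: value} for sensitive variables with a non-empty value."""
    parser = InlineScripts()
    parser.feed(html)
    body = parser.scripts.get(script_id, "")
    found = {}
    for name, raw in ASSIGN.findall(body):
        value = raw.strip().strip('"')
        if SENSITIVE.search(name) and value:
            found[name] = value
    return found

# Constructed sample, shortened from the markup quoted in the post.
LEAKY = '''<script type="text/javascript" id="usp_core-js-before">
/* <![CDATA[ */ var usp_case_sensitivity = "false"; var usp_challenge_response = "challenge-response-should-not-appear-here"; var usp_min_images = 0; var usp_recaptcha_key = "SITE-KEY-PLACEHOLDER"; /* ]]> */
</script>'''
FIXED = LEAKY.replace("challenge-response-should-not-appear-here", "")
```

The reCAPTCHA site key is deliberately not flagged: it is public by design, unlike the challenge answer.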

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Jeff Starr

    (@specialk)

    Ah good catch, thank you for reporting, @todditron.

    I have added to the list for the next plugin update.

    Please let me know if there are any further details/info. Thank you.

    Thread Starter todditron

    (@todditron)

    Very good, thank you
