Faulty Implementation

  • Plugin works as intended for registration form and login. However, captcha on comments and contact forms can be bypass; at least for version 2. There is no server-side checking of the google captcha response; it is, for some reason, on the client-side. This mean that someone that wants to bypass the captcha can just send a request and the comment or contact form would go right through. I was able to fix this by disabling the ajax request and handling the google verification on the init hook. You guys should really fix the problem as this essentially renders the captcha useless with a simple request.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author bestwebsoft

    (@bestwebsoft)

    Hi Drabc,

    Thank you for drawing our attention to this issue. We are working on fixing it, and as soon as we find a solution, we will add it to the plugin update.

    Regards,
    BestWebSoft Support Team.

    This is exactly the same problem I have with this plugin. So I get about 35 SPAM Mails a day!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Faulty Implementation’ is closed to new replies.