Faulty Implementation
Plugin works as intended for registration form and login. However, captcha on comments and contact forms can be bypassed; at least for version 2. There is no server-side checking of the Google captcha response; it is, for some reason, on the client-side. This means that someone that wants to bypass the captcha can just send a request and the comment or contact form would go right through. I was able to fix this by disabling the AJAX request and handling the Google verification on the init hook. You guys should really fix the problem as this essentially renders the captcha useless with a simple request.
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘Faulty Implementation’ is closed to new replies.
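
The server-side check the post says is missing, as an added example that is neither the plugin's code nor the poster's fix: a `preprocess_comment` filter that verifies the `g-recaptcha-response` token against Google's siteverify endpoint before a comment is stored. It assumes Google reCAPTCHA v2 and covers comments only; `EXAMPLE_RECAPTCHA_SECRET` and the `example_` function names are hypothetical, and it hooks the comment filter rather than `init`.

```php
<?php
// Added example, not the plugin's code. EXAMPLE_RECAPTCHA_SECRET and the
// example_* names are hypothetical; define the secret in wp-config.php.

/**
 * Ask Google whether a reCAPTCHA token is valid. Returns true only on an
 * explicit success; any transport or parse failure counts as a failed check.
 */
function example_recaptcha_token_is_valid( $token ) {
    if ( ! is_string( $token ) || '' === $token ) {
        return false; // No token posted: the request never went through the widget.
    }

    $response = wp_remote_post(
        'https://www.google.com/recaptcha/api/siteverify',
        array(
            'timeout' => 5,
            'body'    => array(
                'secret'   => EXAMPLE_RECAPTCHA_SECRET,
                'response' => $token,
            ),
        )
    );

    if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
        return false; // Fail closed when the verifier cannot be reached.
    }

    $result = json_decode( wp_remote_retrieve_body( $response ), true );
    return is_array( $result ) && isset( $result['success'] ) && true === $result['success'];
}

/** Runs inside wp_new_comment(), so a direct POST is checked like a form submit. */
function example_require_recaptcha_on_comment( $commentdata ) {
    if ( is_admin() && current_user_can( 'moderate_comments' ) ) {
        return $commentdata; // Replies written from the dashboard carry no widget.
    }

    $token = isset( $_POST['g-recaptcha-response'] )
        ? sanitize_text_field( wp_unslash( $_POST['g-recaptcha-response'] ) )
        : '';

    if ( ! example_recaptcha_token_is_valid( $token ) ) {
        wp_die( 'CAPTCHA verification failed.', 'Comment blocked', array( 'response' => 403 ) );
    }
    return $commentdata;
}
add_filter( 'preprocess_comment', 'example_require_recaptcha_on_comment' );
```

The same token check has to run in the contact form's own server-side submit handler, since hiding or disabling a button in the browser does not stop a request sent straight to the endpoint.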