CVE-2025-1262: 
WordPress vulnerability analysis and mitigation

The Advanced Google reCaptcha plugin for WordPress contains a CAPTCHA Bypass vulnerability (CVE-2025-1262) affecting versions up to and including 1.27. The vulnerability was discovered and disclosed on February 24, 2025, and was last updated on February 25, 2025. This security issue affects the Built-in Math CAPTCHA verification functionality of the plugin (Wordfence, AttackerKB).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium severity). The attack vector is Network-based (AV:N) with Low attack complexity (AC:L), requiring No privileges (PR:N) and No user interaction (UI:N). The scope is Unchanged (S:U) with No impact on confidentiality (C:N), Low impact on integrity (I:L), and No impact on availability (A:N) (AttackerKB).

The vulnerability allows unauthenticated attackers to bypass the Built-in Math Captcha Verification system. This could potentially lead to automated abuse of forms protected by the plugin's CAPTCHA implementation (AttackerKB).

Users should update the Advanced Google reCaptcha plugin to a version newer than 1.27 to address this vulnerability. The fix has been implemented in the plugin's repository (WordPress Plugin).