CVE-2026-27411
Received Received - Intake
Guessable CAPTCHA Allows Bypass in SiteGuard WP Plugin

Publication date: 2026-03-05

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Guessable CAPTCHA vulnerability in jp-secure SiteGuard WP Plugin siteguard allows Functionality Bypass.This issue affects SiteGuard WP Plugin: from n/a through <= 1.7.9.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-27411
EUVD
EUVD-2026-9645
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
patchstack siteguard_wp_plugin to 1.7.9 (inc)
jp-secure siteguard_wp_plugin to 1.7.9 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-804 The product uses a CAPTCHA challenge, but the challenge can be guessed or automatically recognized by a non-human actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-27411 is a bypass vulnerability in the WordPress SiteGuard WP Plugin versions up to and including 1.7.9. It allows an unauthenticated attacker to bypass certain restrictions in the plugin's code, specifically related to CAPTCHA functionality."}, {'type': 'paragraph', 'content': 'This vulnerability falls under the OWASP Top 10 category A7: Identification and Authentication Failures, meaning it affects the authentication mechanisms of the plugin.'}, {'type': 'paragraph', 'content': 'The vulnerability is of low severity with a CVSS score of 5.4 and requires no privileges to exploit.'}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability allows an attacker to bypass CAPTCHA protections without authentication, potentially enabling automated attacks or abuse of the affected website's functionality."}, {'type': 'paragraph', 'content': 'However, the impact is considered low severity, and it is unlikely to be exploited in a way that causes significant harm.'}] [1]

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

There is no official patch currently available for this vulnerability.

Patchstack provides mitigation and security intelligence services to help protect affected sites.

Since the vulnerability allows an unauthenticated attacker to bypass certain restrictions, it is recommended to monitor and restrict access to the SiteGuard WP Plugin and consider additional security measures such as web application firewalls or other protective controls.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-27411. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart