CVE-2026-4512

Deferred Deferred - Pending Action

BaseFortify

Publication date: 2026-04-23

Last updated on: 2026-04-23

Assigner: WPScan

Description

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js() function. This allows administrators on multisite installations (who do not have the unfiltered_html capability) to inject arbitrary JavaScript that executes for all visitors to the WordPress login page.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-04-23

Last Modified

2026-04-23

Generated

2026-05-07

EPSS Evaluated

2026-05-05

NVD

CVE-2026-4512

EUVD

EUVD-2026-25197

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-79	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-4512

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart