CVE-2026-57365
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-57365, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Chandwani reCAPTCHA (v2 &amp; v3) for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA (v2 &amp; v3) for Asgaros Forum: from n/a through <= 1.1.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
asgaros recaptcha-for-asgaros-forum 1.1.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Cross Site Scripting (XSS) issue in the WordPress reCAPTCHA (v2 & v3) for Asgaros Forum Plugin, versions 1.1.0 and below.

It allows attackers to inject malicious scripts into web pages generated by the plugin. These scripts can execute in the browsers of visitors to the affected site.

The vulnerability is DOM-Based XSS, meaning the malicious script is executed as a result of modifying the Document Object Model (DOM) in the victim's browser.

Exploitation requires a privileged user to perform an action such as clicking a malicious link or submitting a form.

Impact Analysis

If exploited, this vulnerability can allow attackers to execute malicious scripts on your website, which could lead to unauthorized redirects, display of unwanted advertisements, or other malicious activities.

This can compromise the security and integrity of your website and negatively affect your users' experience and trust.

Because the vulnerability requires a privileged user to trigger it, it could be used in targeted attacks or mass campaigns if such users are tricked.

The vulnerability has a moderate severity with a CVSS score of 6.5.

Updating to version 1.1.1 or applying mitigation rules is recommended to prevent exploitation.

Detection Guidance

This vulnerability involves Cross Site Scripting (XSS) in the reCAPTCHA (v2 & v3) for Asgaros Forum plugin versions 1.1.0 and below. Detection typically involves monitoring for suspicious script injections or unusual behavior triggered by privileged users interacting with the forum.

Since the vulnerability requires a privileged user to click a malicious link or submit a form, network or system detection can focus on identifying such suspicious inputs or script execution attempts.

Specific commands are not provided in the available resources, but general approaches include using web application scanners to detect XSS vulnerabilities or monitoring web server logs for unusual input patterns or script injections.

Mitigation Strategies

The immediate recommended step is to update the reCAPTCHA (v2 & v3) for Asgaros Forum plugin to version 1.1.1 or later, where the vulnerability is patched.

Until the update can be applied, applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability is advised.

Additionally, limiting privileged user interactions with untrusted links or forms can reduce the risk of exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57365. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart