WordPress Conditional CAPTCHA Plugin Allows Redirect to Malicious Sites

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.3

WordPress Conditional CAPTCHA Plugin Allows Redirect to Malicious Sites

CVE-2026-1369

Summary

If you have the Conditional CAPTCHA plugin installed on your WordPress site, an attacker could potentially trick users into visiting malicious websites. This could lead to phishing or other types of attacks. Update the plugin to version 4.0.1 or later to fix this issue.

Original title

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue

Original description

The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue

nvd CVSS3.1 4.3

Vulnerability type

CWE-601 Open Redirect

https://wpscan.com/vulnerability/5a275725-85f2-4463-880b-9473dbdfa8e0/

Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026