First published: Thu Aug 22 2019(Updated: )
The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Google Forms Project Google Forms | <0.94 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-20988 is a vulnerability in the wpgform plugin for WordPress that allows for eval injection in the CAPTCHA calculation.
CVE-2018-20988 has a severity rating of high (7.5).
CVE-2018-20988 affects Google Forms Project Google Forms version up to and excluding 0.94 on WordPress.
To fix CVE-2018-20988, you should update the wpgform plugin to version 0.94 or later.
You can find more information about CVE-2018-20988 on the official WordPress plugin page for wpgform: https://wordpress.org/plugins/wpgform/#developers