Sun. Oct 17th, 2021

Game Related Captcha Plugin Needs Updating

A popular captcha plugin, FunCaptcha, which uses games instead of words or math, has been found to have some cross-site scripting vulnerabilities.

Please check your versions if you are using this plugin and make appropriate updates.

Recent Updates To Version 0.4.4 Have Implemented a Fix


Compatible up to: 3.7.1
Last Updated: 2013-11-24


Users complete these little games faster than other CAPTCHAs, with fewer frustrating failures and no typing. They work on all browsers and mobile devices, using HTML5 with a fallback to Flash. Visually impaired users can complete an audio challenge CAPTCHA provided by reCAPTCHA.


Two vulnerabilities have been discovered in the FunCaptcha plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the URL to





is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.

The vulnerabilities are confirmed in version 0.4.3. Prior versions may also be affected.




  • Security improvements.
  • Made localhost not cause issues for registration purposes.

Please make sure to keep your website and plugins up-to-date. This is a good example of how easily a vulnerability can be exploited to cause problems for your websites and business. If you have more than one website, make sure you check them all.
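One way to check several sites at once, as an added example that is not from the original post or the plugin's author: a small Python audit that walks WordPress roots, finds FunCaptcha by its plugin header comment, and flags any install older than 0.4.4. The `funcaptcha` folder name, the `Plugin Name` header text and the site paths are assumptions, and the two sample sites are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (0, 4, 4)  # first fixed release named in the post
# "Plugin Name:" / "Version:" lines of the WordPress plugin header comment
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def parse_version(text):
    """'0.4.3' -> (0, 4, 3); returns () when no leading dotted number exists."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    return tuple(map(int, m.group().split("."))) if m else ()

def plugin_header(php_file):
    """Collect header fields from the top of a plugin file (first match wins)."""
    fields = {}
    for key, value in HEADER.findall(php_file.read_text(errors="replace")[:8192]):
        fields.setdefault(key.lower(), value)
    return fields

def audit(site_roots, name="funcaptcha"):
    """Return (site, version, status) for each install whose name matches."""
    findings = []
    for root in map(Path, site_roots):
        for php in sorted(root.glob("wp-content/plugins/*/*.php")):
            fields = plugin_header(php)
            if name not in fields.get("plugin name", "").lower():
                continue
            version = parse_version(fields.get("version", ""))
            status = "UNKNOWN" if not version else "OK" if version >= FIXED else "UPDATE"
            findings.append((root.name, fields.get("version", ""), status))
    return findings

def demo():
    """Constructed sample: two fake sites, one on 0.4.3 and one on 0.4.4."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in (("site-a", "0.4.3"), ("site-b", "0.4.4")):
            folder = Path(tmp, site, "wp-content", "plugins", "funcaptcha")  # assumed name
            folder.mkdir(parents=True)
            (folder / "plugin.php").write_text(
                f"<?php\n/*\nPlugin Name: FunCaptcha\nVersion: {ver}\n*/\n")
        return audit([Path(tmp, "site-a"), Path(tmp, "site-b")])

if __name__ == "__main__":
    for site, version, status in demo():
        print(f"{site}: FunCaptcha {version or '?'} -> {status}")
```

To use it on real sites, pass the WordPress root directories to `audit()` instead of calling `demo()`.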

Derek Wood

Derek is an Online Web Professional. He works with clients and customers in order to implement Web-Based solutions for businesses. These include websites, SEO, marketing, and company branding. His own company, Shadow Dragon Unlimited, has been providing these services to local businesses in his Western Massachusetts area and online since 2003.