CVE-2026-5415

Google · Advanced Google reCAPTCHA (WP Captcha PRO)

An authentication bypass vulnerability in the WordPress WP Captcha PRO plugin allows authenticated attackers to log in as any user, including administrators.

Executive summary

A critical authentication bypass flaw in the WP Captcha PRO WordPress plugin allows attackers to escalate privileges and gain full administrative control.

Vulnerability

The vulnerability exists in the ajax_run_tool() handler, which fails to perform proper capability checks, allowing attackers with Subscriber-level access to generate passwordless login links for any account.
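The defect class described above is a privileged admin-ajax handler registered without an authorization check. The following is an added illustration of that pattern in WordPress, not code from WP Captcha PRO (the advisory does not publish the plugin's source); the hook name `example_run_tool`, the function names and the `tool` parameter are assumptions chosen for the example.

```php
<?php
// Added illustration, not the plugin's code. Hook, function and parameter
// names (example_run_tool, example_execute_tool, 'tool') are assumptions.

// Unchecked handler: any logged-in user who reaches admin-ajax.php can trigger
// the privileged operation, because nothing verifies who is asking. A Subscriber
// is "logged in", so the wp_ajax_ hook alone is not an authorization boundary.
function example_run_tool_unchecked() {
    $tool = isset( $_POST['tool'] ) ? sanitize_key( wp_unslash( $_POST['tool'] ) ) : '';
    example_execute_tool( $tool );
    wp_send_json_success();
}

// Hardened handler: verify a nonce bound to this action (blocks cross-site
// forgery), then require an administrator-level capability before doing
// anything privileged. Both checks run before any side effect.
function example_run_tool_checked() {
    check_ajax_referer( 'example_run_tool', 'nonce' ); // dies with 403 on failure
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }
    $tool = isset( $_POST['tool'] ) ? sanitize_key( wp_unslash( $_POST['tool'] ) ) : '';
    example_execute_tool( $tool );
    wp_send_json_success();
}

// Register only the wp_ajax_ hook (logged-in users). No wp_ajax_nopriv_ variant,
// so unauthenticated requests never reach the handler at all.
add_action( 'wp_ajax_example_run_tool', 'example_run_tool_checked' );

function example_execute_tool( $tool ) {
    // Placeholder for the privileged operation the tool performs.
}
```

The matching client code must send a nonce created with `wp_create_nonce( 'example_run_tool' )` in the `nonce` field; `check_ajax_referer()` rejects requests without it. The capability check is the part that closes the finding: a nonce proves the request came from a page the user loaded, not that the user is allowed to run the tool.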

Business impact

With a CVSS score of 8.8, this vulnerability represents a severe risk to the integrity and confidentiality of WordPress sites. An attacker can achieve full administrative access, leading to total site compromise, data exfiltration, and the potential for persistent backdoors.

Remediation

Immediate Action: Discontinue use of the vulnerable plugin or restrict access until a patched version is provided by the vendor.

Proactive Monitoring: Audit user account creation logs and look for anomalous login activity or unexpected administrative changes performed by lower-privileged user accounts.

Compensating Controls: Implement a Web Application Firewall (WAF) rule to block requests to the vulnerable ajax_run_tool endpoint.
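Where a WAF is not available, the same blocking and logging can be done inside WordPress. The following is an added example of a must-use plugin that acts as a virtual patch for the action named in the compensating-controls item and records attempts for the monitoring step; it is not the vendor's fix. The admin-ajax `action` value is a placeholder: the advisory names the handler `ajax_run_tool()` but not the action string that routes to it, so that constant must be replaced with the real value before use.

```php
<?php
/**
 * Plugin Name: Example virtual patch for a privileged admin-ajax action
 *
 * Added example, not the vendor's fix. Place in wp-content/mu-plugins/ so it
 * loads before ordinary plugins. In admin-ajax.php the admin_init action fires
 * before any wp_ajax_{action} hook, so this check runs ahead of the plugin's
 * own handler and can refuse the request before it executes.
 *
 * EXAMPLE_BLOCKED_ACTION is a placeholder assumption; substitute the real
 * admin-ajax action value for the vulnerable handler.
 */
define( 'EXAMPLE_BLOCKED_ACTION', 'PLACEHOLDER_run_tool_action' ); // assumption

add_action( 'admin_init', function () {
    if ( ! wp_doing_ajax() ) {
        return;
    }

    // WordPress reads the action from $_REQUEST, i.e. query string or POST body,
    // so the filter must look at $_REQUEST rather than only $_GET.
    $action = isset( $_REQUEST['action'] ) ? sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
    if ( EXAMPLE_BLOCKED_ACTION !== $action ) {
        return;
    }

    // Administrators keep access; every lower-privileged or anonymous caller is refused.
    if ( current_user_can( 'manage_options' ) ) {
        return;
    }

    // Record who attempted the call (ID 0 and empty login mean not logged in),
    // which feeds the "anomalous activity by lower-privileged accounts" audit above.
    $user = wp_get_current_user();
    $remote = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf(
        'blocked admin-ajax action %s for user "%s" (ID %d) from %s',
        $action,
        $user->user_login !== '' ? $user->user_login : 'anonymous',
        $user->ID,
        $remote
    ) );

    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
} );
```

Because it hooks `admin_init`, the plugin does not depend on the vulnerable plugin's own hook registration and keeps working if that plugin changes its handler name; it should be removed once the vendor ships a patched version so that the fixed handler's own checks are what is exercised.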

Exploitation status

Public Exploit Available: true

Analyst recommendation

Due to the availability of public exploits and the high risk of account takeover, site administrators must act immediately to isolate the affected plugin. Remove the plugin from production environments if a verified patch is not immediately available.