The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.
Add your gear to cvedb and we'll alert you only when login_no_captcha_recaptcha_project ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.