Title: Security vulnerability Last modified: June 7, 2026 --- # Security vulnerability * Resolved [fedeltamedia](https://wordpress.org/support/users/fedeltamedia/) * (@fedeltamedia) * [2 days, 8 hours ago](https://wordpress.org/support/topic/security-vulnerability-223/) * The Plugin “Advanced Google reCAPTCHA” has a security vulnerability. * [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-google-recaptcha/wp-captcha-pro-538-missing-authorization-to-authenticated-subscriber-arbitrary-file-upload](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-google-recaptcha/wp-captcha-pro-538-missing-authorization-to-authenticated-subscriber-arbitrary-file-upload) * Before you’re gonna reply with “That vulnerability was present ONLY in the PRO version […]”. Do realize that EVERY user with a security plugin like Wordfence will receive this message. When not fixed, people will uninstall this plugin. Either patch it, or push an empty update labeled “Security vulnerability patched” to stop the warnings/topics the coming days. Or… do nothing and lose users. Viewing 6 replies - 1 through 6 (of 6 total) * Plugin Author [Alexandru Tapuleasa](https://wordpress.org/support/users/talextech/) * (@talextech) * [1 day, 19 hours ago](https://wordpress.org/support/topic/security-vulnerability-223/#post-18931852) * Hi, * Thank you for the suggestion, we will do that. But Wordfence itself seems to differentiate between free and PRO and is not showing an alert for the free version. Could you tell us what plugin you use to check vulnerabilities? * [wzshop](https://wordpress.org/support/users/wzshop/) * (@wzshop) * [1 day, 18 hours ago](https://wordpress.org/support/topic/security-vulnerability-223/#post-18931910) * Exactly this, we are waiting for a fix. * [wzshop](https://wordpress.org/support/users/wzshop/) * (@wzshop) * [1 day, 18 hours ago](https://wordpress.org/support/topic/security-vulnerability-223/#post-18931938) * Hi, it does alert for the free version. Currently using free version, version 1.35 and Wordfence does give the alert that there is a critical Security vulnerability * Thread Starter [fedeltamedia](https://wordpress.org/support/users/fedeltamedia/) * (@fedeltamedia) * [1 day, 18 hours ago](https://wordpress.org/support/topic/security-vulnerability-223/#post-18931939) * We are using Advanced Google reCAPTCHA free version 1.35. In combination with Wordfence free. The hint on why the alert is sent out for the Free version lies in the first line on the Wordfence website: * _“The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin,** both have the same slug**) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 5.38.”_ * You’ve published both the free and pro plugin under the same slug. So any security vulnerability found in the pro version, will also trigger the free version. * Again: 1. Push an empty update labeled “Security vulnerability patched”. And keep doing this each time a new security vulnerability is foundor:2. Move either version to their own slug - This reply was modified 1 day, 18 hours ago by [fedeltamedia](https://wordpress.org/support/users/fedeltamedia/). - This reply was modified 1 day, 18 hours ago by [fedeltamedia](https://wordpress.org/support/users/fedeltamedia/). * [Cognisant_2000](https://wordpress.org/support/users/cognisant_2000/) * (@cognisant_2000) * [1 day, 18 hours ago](https://wordpress.org/support/topic/security-vulnerability-223/#post-18932004) * We also got this warning from one customer site. The version is Version 1.35, so either this has been fixed on both Pro and Free, or this is something new. * Here is the full page from WordFence warning [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-google-recaptcha/wp-captcha-pro-538-missing-authorization-to-authenticated-subscriber-arbitrary-file-upload](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/advanced-google-recaptcha/wp-captcha-pro-538-missing-authorization-to-authenticated-subscriber-arbitrary-file-upload) * The page status shows 5 of June, so this may be something new, as the previous issue was detected on 27 March 2025. * Please can you clarify as we need to either find a fix for this, or replace it with an alternative. * Regards * [evildoer](https://wordpress.org/support/users/evildoer/) * (@evildoer) * [1 day, 15 hours ago](https://wordpress.org/support/topic/security-vulnerability-223/#post-18932310) * Same here. Version 1.3.5 and waiting for update confirmation on the security threat showing on multiple websites. * Is the free version fixed or not ? Viewing 6 replies - 1 through 6 (of 6 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-vulnerability-223%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/advanced-google-recaptcha/assets/icon-256x256.png?rev=2493018) * [Advanced Google reCAPTCHA](https://wordpress.org/plugins/advanced-google-recaptcha/) * [Frequently Asked Questions](https://wordpress.org/plugins/advanced-google-recaptcha/#faq) * [Support Threads](https://wordpress.org/support/plugin/advanced-google-recaptcha/) * [Active Topics](https://wordpress.org/support/plugin/advanced-google-recaptcha/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/advanced-google-recaptcha/unresolved/) * [Reviews](https://wordpress.org/support/plugin/advanced-google-recaptcha/reviews/) ## Tags * [security threat](https://wordpress.org/support/topic-tag/security-threat/) * 10 replies * 5 participants * Last reply from: [evildoer](https://wordpress.org/support/users/evildoer/) * Last activity: [1 day, 15 hours ago](https://wordpress.org/support/topic/security-vulnerability-223/#post-18932310) * Status: resolved