NIXPKGS-2026-0290

GitHub issue published on 20 Feb 2026

Permalink CVE-2026-25315

updated 1 day, 13 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 18 hours ago
@LeSuisse accepted 1 day, 13 hours ago
@LeSuisse published on GitHub 1 day, 13 hours ago

WordPress hCaptcha for WP plugin <= 4.22.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in hcaptcha hCaptcha for WP hcaptcha-for-forms-and-more allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects hCaptcha for WP: from n/a through <= 4.22.0.

Affected products

hcaptcha-for-forms-and-more

=<<= 4.22.0

Matching in nixpkgs

pkgs.wordpressPackages.plugins.hcaptcha-for-forms-and-more

None

nixos-unstable 4.22.0
- nixpkgs-unstable 4.22.0
- nixos-unstable-small 4.22.0
nixos-25.11 4.12.0
- nixos-25.11-small 4.12.0
- nixpkgs-25.11-darwin 4.12.0

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0290

Affected products

Matching in nixpkgs

pkgs.wordpressPackages.plugins.hcaptcha-for-forms-and-more