If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. The details of captcha challenge are exposed within document body of articles with comments & anti spam-captcha functionalities enabled, including "capcha-letter", "capcha-word" and "capcha-token" which can be used to construct a valid post request to publish a comment. As such, attackers can flood articles with automated spam comments, especially if there are no other web defenses available.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
No data.
References
History
Tue, 10 Mar 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. The details of captcha challenge are exposed within document body of articles with comments & anti spam-captcha functionalities enabled, including "capcha-letter", "capcha-word" and "capcha-token" which can be used to construct a valid post request to publish a comment. As such, attackers can flood articles with automated spam comments, especially if there are no other web defenses available. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-03-10T19:02:51.942Z
Reserved: 2026-01-09T00:00:00.000Z
Link: CVE-2025-70129
Vulnrichment
No data.
NVD
Status : Received
Published: 2026-03-10T20:16:20.540
Modified: 2026-03-10T20:16:20.540
Link: CVE-2025-70129
Redhat
No data.
OpenCVE Enrichment
No data.