Hi there,
I happened to come across an issue with WP-Members during Log4j research that seems security relevant.
Used WP-Members version: 3.3.9.3
WordPress version: 5.8.2
I did the "Log4Shell" test via https://canarytokens.org/generate and entered the token in the user registration form [wpmem_form register] as name, street, etc. Thereupon the trigger fires at Canarytokens. This may also allow other malicious code to be executed on the server.
The problem occurs as soon as "Really Simple Captcha" is enabled.
I was able to reproduce the problem on a fresh instance without any additional plugins.