If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an automated script is able to solve this anti-spam mechanism trivially and publish spam comments. The details of captcha challenge are exposed within document body of articles with comments & anti spam-captcha functionalities enabled, including "capcha-letter", "capcha-word" and "capcha-token" which can be used to construct a valid post request to publish a comment. As such, attackers can flood articles with automated spam comments, especially if there are no other web defenses available.
CVE-2025-70129
NONE
EPSS 0.02%
Updated Mar 10, 2026
If
CVE Details
CVE ID
CVE-2025-70129
Published Date
Mar 10, 2026
Vendor
If
Severity
NONE
Exploit Prediction (EPSS)
Probability of Exploit
0.02%
Likelihood of exploitation in next 30 days
Percentile:
4.5th percentile (higher than 4.5% of all CVEs)
Standard patching cycle
Impact
Minimal impact
Source
View Advisory