mojotv/base64captcha < 1.3.6 - Insufficient Verification of Data Authenticity in Verify Function
When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.