EIP-2026-108930

PRE-CVE

JQuery-Real-Person plugin - Bypass Captcha

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108930. PoCs published by Alberto_García_Illera.

AI-analyzed exploit summary This writeup describes a bypass vulnerability in the JQuery-Real-Person captcha plugin (v1.0.1) where the captcha validation can be circumvented by reusing a valid pair of captcha characters and their associated hash value. The attack leverages the lack of proper validation between the displayed captcha and the submitted value.

Description

JQuery-Real-Person plugin - Bypass Captcha

Exploits (1)

exploitdb WRITEUP VERIFIED

by Alberto_García_Illera · textwebappsphp

https://www.exploit-db.com/exploits/18167

View Code ZIP pw:eip

This writeup describes a bypass vulnerability in the JQuery-Real-Person captcha plugin (v1.0.1) where the captcha validation can be circumvented by reusing a valid pair of captcha characters and their associated hash value. The attack leverages the lack of proper validation between the displayed captcha and the submitted value.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: JQuery-Real-Person captcha plugin v1.0.1

No auth needed

Prerequisites: Access to a valid captcha image and its associated hash value

MITRE ATT&CK

T1110 - Brute Force

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026