The cformsII plugin for WordPress contains a vulnerability within its
Captcha Verification functionality. This vulnerability exists due to an
inherent trust of user controlled input. An attacker could utilise this
vulnerability to completely bypass the captcha security mechanism on any
wordpress
I was poking at some Ricoh MFPs several days ago, when I found this. It is
nothing to get to terribly excited about as it's just a reflected XSS.
However, the ability to abuse any trusted internal IP should be considered a
threat. Companies have taken big hits from less. So without further ado,