A vulnerability identified as critical has been detected in webfactory Advanced Google reCAPTCHA Plugin up to 5.38 on WordPress. This impacts the function ajax_run_tool of the component AJAX Handler . The manipulation leads to authentication bypass using alternate channel. This vulnerability is listed as CVE-2026-5415 . The attack may be initiated remotely. There is no available exploit.