Security Issue with Default Pligg Captcha
It’s come to our attention that there is an exploit available to bypass the default Pligg captcha method. The security issue seems to be the exploit that the hacker software “Auto-Pligg” is using to skip past user registration. We know what is causing the problem and are working on a fix that should be available shortly on the SVN and in the next version of Pligg which will be out shortly. The next version (9.9.6) will include several more security fixes and a few general upgrades. We also plan to offer a patch download for those who have recently downloaded Pligg 9.9.5 and will only want the updated files.
For now please switch your sites to the Recaptcha or “White Hat” captcha method using your Pligg Admin Panel until we post a solution.