CVE-2018-20988

The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation.