Missing score check for recaptcha v3
Hello,
We are trying to implement your reCAPTCHA v3 solution on our form and the spam bots are still able to submit forms even though everything is set up correctly.
Diving into your plugin source code, I can see that you only check if the "success" property of the reCAPTCHA site verify service is equal to "true". You never check if the score is greater than a set threshold before allowing the form to be submitted.
From the Google reCAPTCHA doc:
"success": true|false, // whether this request was a valid reCAPTCHA token for your site
I think you should be checking the score once "success" is true, or it defeats the entire purpose of using reCAPTCHA v3. You should probably also provide a way in the back-office for the administrator to specify the minimum score requirement.
We modified your file "vfb-pro/public/class-securiy.php", line 110:
if ( $resp['success'] )
to
if ( $resp['success'] && $resp['score'] >= 0.5)
After this change, the bots are getting blocked correctly.
Am I missing something? If not, could you update your plugin to include this score check? I don't want to change your plugin source code and break future updates.
Please let me know,
Swan
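The check described in the post above, written out as an added example (it is not part of the original post and is not VFB Pro code). It goes slightly beyond the one-line change by failing closed when the score is missing and by optionally comparing the "action" field of the siteverify response; the function name, the 'submit_form' action and the sample responses are constructed for illustration.

```php
<?php
// Added example; names and sample data are hypothetical, not taken from the plugin.

/**
 * Decide whether a decoded reCAPTCHA v3 siteverify response should let a
 * form submission through. Any missing or malformed field means "reject".
 */
function example_recaptcha_v3_passes( $resp, $min_score = 0.5, $expected_action = null ) {
    // A failed HTTP call or undecodable JSON typically leaves null/false here.
    if ( ! is_array( $resp ) || empty( $resp['success'] ) ) {
        return false;
    }
    // "success" only means the token was valid for this site. The bot
    // verdict is carried by "score", so it has to be checked separately.
    if ( ! isset( $resp['score'] ) || ! is_numeric( $resp['score'] ) ) {
        return false; // no score in the response: fail closed
    }
    if ( (float) $resp['score'] < (float) $min_score ) {
        return false;
    }
    // Optional: the token should have been issued for the action this form used.
    if ( null !== $expected_action ) {
        if ( ! isset( $resp['action'] ) || $resp['action'] !== $expected_action ) {
            return false;
        }
    }
    return true;
}

// Constructed sample responses, shaped like decoded siteverify JSON.
$samples = array(
    'high score'    => array( 'success' => true, 'score' => 0.9, 'action' => 'submit_form' ),
    'low score'     => array( 'success' => true, 'score' => 0.1, 'action' => 'submit_form' ),
    'wrong action'  => array( 'success' => true, 'score' => 0.9, 'action' => 'login' ),
    'no score'      => array( 'success' => true ),
    'invalid token' => array( 'success' => false, 'error-codes' => array( 'invalid-input-response' ) ),
);

// In a plugin the threshold would come from an admin setting instead of a literal.
foreach ( $samples as $label => $resp ) {
    $ok = example_recaptcha_v3_passes( $resp, 0.5, 'submit_form' );
    printf( "%-14s %s\n", $label, $ok ? 'accept' : 'reject' );
}
```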