A local file inclusion vulnerability exists in the captcha function in Monstra 3.0.4 which allows remote malicious users to execute arbitrary PHP code.
monstra monstra 3.0.4