It wasn't saving the session variable properly for the security question. I was able to fix it by re-arranging the code so the session variable is set on the top of the page and then displayed below. You will need to download the updated file and updated /webassist/captcha/wavt_captchasecurityquestion.php file.