It wasn't saving the session variable with the security question answer properly. It may have something to do with your php version or session settings... I couldn't really figure it out.
However, I was able to fix it. I re-arranged the code so the session variable is stored at the top of the page and that seems to have fixed it.
You will have to download the updated versions of the two pages:
webassist/captcha/wavt_captchasecurityquestion.php
webassist/security_assist/helper_php.php