Laravel is not a CMS. Goto https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet and read.
Laravel is a php framework. It has CSRF protection and other protection built in to the request. But most real programmers know about owasp.org, and custom program in various protection as needed. If you are having to asked such a question, would CMS software better suite your needs?

i don't think what he is asking is entirely baseless.. I mean laravel has added auth functionality out of box as nowadays it is a requirement for almost every website. So surely in the view/etc a captcha box or something could have been implemented..

but I don't think adding this is a major issue