Description

The WordPress pluginĀ is-human <= v1.4.2 containsĀ an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval() on user-controlled input, which can lead to execution of attacker-supplied PHP and OS commands. This may result in arbitrary code execution as the webserver user, site compromise, or data exfiltration. The is-human plugin was made defunct in June 2008 and is no longer available for download. This vulnerability was exploited in the wild in March 2012.

INFO

Published Date :

2025-10-15T01:23:46.757Z

Last Modified :

2025-10-15T18:49:41.245Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2011-10033 vulnerability.

Vendors Products
Is-human
  • Is-human Wordpress Plugin
Wordpress
  • Wordpress
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2011-10033.

URL Resource
https://web.archive.org/web/20120115212202/http://blog.spiderlabs.com/2012/01/honeypot-alert-is-human-wordpress-plugin-remote-command-execution-attack-detected.html cve-icon cve-icon
https://wordpress.org/plugins/is-human/ cve-icon cve-icon
https://www.exploit-db.com/exploits/17299 cve-icon cve-icon
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-alert-more-wordpress-is_human-plugin-remote-command-injection-attack-detected/ cve-icon cve-icon
https://www.vulncheck.com/advisories/wordpress-plugin-is-human-eval-injection-rce cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability