Filtered by vendor Is-human
Subscriptions
Filtered by product Is-human Wordpress Plugin
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-10033 | 2 Is-human, Wordpress | 2 Is-human Wordpress Plugin, Wordpress | 2025-10-21 | N/A |
| The WordPress pluginĀ is-human <= v1.4.2 containsĀ an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval() on user-controlled input, which can lead to execution of attacker-supplied PHP and OS commands. This may result in arbitrary code execution as the webserver user, site compromise, or data exfiltration. The is-human plugin was made defunct in June 2008 and is no longer available for download. This vulnerability was exploited in the wild in March 2012. | ||||
Page 1 of 1.