RCE in Is-human Wordpress Plugin
CVE-2011-10033
The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval…
EPSS: 0.004 (34.9th percentile) — read the EPSS interpretation.
Affected products
- Is-human Wordpress Plugin — versions 0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (technical-description)
- disclosure@vulncheck.com (technical-description)
- disclosure@vulncheck.com (third-party-advisory)