CVE-2011-10033
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-16
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | is-human | 1.4.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-95 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2011-10033 is a critical remote code execution vulnerability in the WordPress plugin 'is-human', version 1.4.2 and earlier. The flaw is in `/wp-content/plugins/is-human/engine.php`: when the `action` parameter is set to `log-reset`, the value of the `type` parameter is passed to PHP's eval() without any neutralization. Because the string reaches eval() unchanged, an attacker can inject arbitrary PHP, and through PHP functions such as passthru() arbitrary operating system commands, which run with the privileges of the web server user. Exploitation requires nothing more than an unauthenticated GET request with a crafted query string, which can lead to full control of the affected server. [1, 3, 4]
How can this vulnerability impact me?
This vulnerability allows arbitrary code execution on the affected server with the privileges of the web server user. An attacker can run any PHP code or operating system command remotely, which can result in full site compromise, unauthorized data access or exfiltration, and control of the host running the vulnerable plugin. Confidentiality, integrity, and availability of both the system and its data are all at risk. [1, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation attempts can be detected by looking for HTTP GET requests to the vulnerable endpoint `/wp-content/plugins/is-human/engine.php` with `action=log-reset` and a `type` parameter that carries PHP code. The public proof-of-concept URL has the form:

```
http://server/wp-content/plugins/is-human/engine.php?action=log-reset&type=ih_options();passthru(whoami);error_log();
```

To find such attempts, search the web server access logs for that endpoint and parameter combination. For example, on Apache:

```
grep -F 'engine.php?action=log-reset&type=' /var/log/apache2/access.log
```

or on Nginx:

```
grep -F 'engine.php?action=log-reset&type=' /var/log/nginx/access.log
```

`-F` makes grep treat the pattern as a fixed string, so `?` and `.` are matched literally. A literal match of this kind misses requests in which the attacker percent-encodes the `;` and `(` characters or reorders the query parameters, so a broader search for `is-human/engine.php` followed by URL-decoding of the matched query strings is more reliable. Unusual User-Agent strings (for example a client claiming to be Googlebot) and base64-encoded payloads in requests to this endpoint are additional indicators of an attack. [1, 4]
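The following scanner, added here as an example and not taken from the BaseFortify page or the plugin, implements the detection described above in a form that survives URL encoding: it parses combined-format Apache/Nginx access log lines, URL-decodes the query string (twice, to catch double encoding), and flags requests to the is-human engine.php endpoint whose `type` parameter contains PHP code syntax or a base64 string that decodes to such code. The log lines, IP addresses and user agents are constructed for the example; the regexes and the Googlebot note are assumptions about what an analyst would want flagged, not signatures published with the CVE.

```python
"""Scan Apache/Nginx combined-format access logs for CVE-2011-10033 exploit attempts.

A literal grep for 'action=log-reset&type=' misses payloads whose ';' and '('
are percent-encoded and misses base64-wrapped code. This scanner decodes the
query before inspecting the 'type' parameter. Example code, not from the page.
"""
import base64
import re
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
VULN_SUFFIX = "/plugins/is-human/engine.php"  # suffix match covers subdirectory installs
# Statement separators, call syntax and command/eval builtins; a plain option name has none.
PHP_CODE_RE = re.compile(
    r"[;(){}`]|\b(passthru|system|exec|shell_exec|popen|proc_open|eval|assert|base64_decode)\b",
    re.IGNORECASE,
)
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def base64_hides_code(value: str) -> bool:
    """True if value is base64 whose decoded form contains PHP code syntax."""
    if not B64_RE.match(value):
        return False
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return PHP_CODE_RE.search(decoded) is not None


def analyze_request(target: str, ua: str) -> list[str]:
    """Return reasons this request looks like an exploit attempt; empty list if not."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(VULN_SUFFIX):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get("action", [""])[0].lower() != "log-reset":
        return []  # only the log-reset branch reaches eval(), per the description
    reasons = []
    for raw in params.get("type", []):
        value = unquote(raw)  # parse_qs decoded once; decode again for double encoding
        if PHP_CODE_RE.search(value):
            reasons.append(f"PHP code syntax in type parameter: {value[:60]!r}")
        elif base64_hides_code(value):
            reasons.append(f"base64-wrapped PHP code in type parameter: {value[:60]!r}")
    if reasons and "googlebot" in ua.lower():
        reasons.append("claims Googlebot user agent; verify the source IP via reverse DNS")
    return reasons


def scan_log(lines) -> list[dict]:
    """Parse each log line and return a record for every request that looks malicious."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        reasons = analyze_request(m["target"], m["ua"])
        if reasons:
            hits.append({"ip": m["ip"], "ts": m["ts"], "target": m["target"], "reasons": reasons})
    return hits


# Constructed sample lines (not from any real server): a benign request, the plain PoC
# URL from the text, a percent-encoded variant with a fake Googlebot UA, a base64-wrapped
# payload against a subdirectory install, and a plain option name that must not be flagged.
_B64_PAYLOAD = base64.b64encode(b"passthru('id');").decode()
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Oct/2025:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Oct/2025:10:00:05 +0000] "GET /wp-content/plugins/is-human/engine.php'
    '?action=log-reset&type=ih_options();passthru(whoami);error_log(); HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [15/Oct/2025:10:01:12 +0000] "GET /wp-content/plugins/is-human/engine.php'
    '?action=log-reset&type=ih_options%28%29%3Bpassthru%28%27id%27%29%3Berror_log%28%29%3B HTTP/1.1"'
    ' 200 91 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"',
    '198.51.100.23 - - [15/Oct/2025:10:01:30 +0000] "GET /blog/wp-content/plugins/is-human/engine.php'
    f'?action=log-reset&type={quote(_B64_PAYLOAD)} HTTP/1.1" 200 12 "-" "curl/8.0"',
    '192.0.2.9 - - [15/Oct/2025:10:02:00 +0000] "GET /wp-content/plugins/is-human/engine.php'
    '?action=log-reset&type=ih_options HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["target"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

Run against a real log with `scan_log(open("/var/log/nginx/access.log"))`. The plain option name in the last sample line is deliberately left unflagged: a `type` value without separators, parentheses or known builtins is what a legitimate call to the endpoint would look like, and flagging every request to engine.php would bury the real hits.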
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps:

1. Remove or disable the vulnerable is-human plugin (version 1.4.2 or earlier). The plugin is no longer maintained and no fixed version exists, so removal is the only complete fix for the eval() injection.
2. If removal is not immediately possible, block access to `/wp-content/plugins/is-human/engine.php` in the web server configuration, either with a deny rule for that file or with an allow-list restricted to trusted IP addresses.
3. Monitor for, and block, requests to that endpoint that carry `action=log-reset`.
4. Add web application firewall (WAF) rules that reject requests to the endpoint whose `type` parameter contains PHP code syntax, keeping in mind that the payload may be URL-encoded or base64-encoded.
5. Migrate to a supported plugin that provides the same functionality without this flaw.

Since the plugin is defunct and no patches are available, removing or disabling it is the most effective immediate action. [1, 3, 4]