CVE-2011-10033

CRITICAL EXPLOITED

WordPress Plugin <=1.4.2 - Code Injection

Title source: llm

Exploitation Summary

CVE-2011-10033 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including neworder.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in the 'is-human' WordPress plugin (version 1.4.2 and prior) by manipulating the 'type' parameter in the 'engine.php' file when the 'action' is set to 'log-reset'. The exploit uses the 'passthru' function to execute arbitrary commands.

Description

The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval() on user-controlled input, which can lead to execution of attacker-supplied PHP and OS commands. This may result in arbitrary code execution as the webserver user, site compromise, or data exfiltration. The is-human plugin was made defunct in June 2008 and is no longer available for download. This vulnerability was exploited in the wild in March 2012.

Exploits (1)

exploitdb WORKING POC VERIFIED

by neworder · textwebappsphp

https://www.exploit-db.com/exploits/17299

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in the 'is-human' WordPress plugin (version 1.4.2 and prior) by manipulating the 'type' parameter in the 'engine.php' file when the 'action' is set to 'log-reset'. The exploit uses the 'passthru' function to execute arbitrary commands.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: is-human WordPress plugin <= 1.4.2

No auth needed

Prerequisites: Access to the target WordPress plugin directory

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources technical-description

https://web.archive.org/web/20120115212202/http://blog.spiderlabs.com/2012/01/honeypot-alert-is-human-wordpress-plugin-remote-command-execution-attack-detected.html

Various Sources technical-description

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-alert-more-wordpress-is_human-plugin-remote-command-injection-attack-detected/

Product product

https://wordpress.org/plugins/is-human/

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/17299

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/wordpress-plugin-is-human-eval-injection-rce

Scores

CVSS v4 9.3

EPSS 0.0015

EPSS Percentile 35.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

VulnCheck KEV 2012-03-12

CWE

CWE-95

Status published

Products (1)

is-human WordPress Plugin/is-human WordPress Plugin < 1.4.2

Published Oct 15, 2025

Tracked Since Feb 18, 2026