Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-10033

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-15 Oct, 2025 | 01:23
Updated At-15 May, 2026 | 11:13
Rejected At-
Credits

WordPress Plugin is-human <= v1.4.2 Eval Injection RCE

The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval() on user-controlled input, which can lead to execution of attacker-supplied PHP and OS commands. This may result in arbitrary code execution as the webserver user, site compromise, or data exfiltration. The is-human plugin was made defunct in June 2008 and is no longer available for download. This vulnerability was exploited in the wild in March 2012.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:15 Oct, 2025 | 01:23
Updated At:15 May, 2026 | 11:13
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Plugin is-human <= v1.4.2 Eval Injection RCE

The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval() on user-controlled input, which can lead to execution of attacker-supplied PHP and OS commands. This may result in arbitrary code execution as the webserver user, site compromise, or data exfiltration. The is-human plugin was made defunct in June 2008 and is no longer available for download. This vulnerability was exploited in the wild in March 2012.

Affected Products
Vendor
is-human WordPress Plugin
Product
is-human WordPress Plugin
Modules
  • /is-human/engine.php
Default Status
unaffected
Versions
Affected
  • From 0 through 1.4.2 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-95CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Type: CWE
CWE ID: CWE-95
Description: CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Metrics
VersionBase scoreBase severityVector
4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-88CAPEC-88 OS Command Injection
CAPEC ID: CAPEC-88
Description: CAPEC-88 OS Command Injection
Solutions
Configurations
Workarounds
Exploits
Credits
finder
neworder
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wordpress.org/plugins/is-human/
product
https://www.exploit-db.com/exploits/17299
exploit
https://web.archive.org/web/20120115212202/http://blog.spiderlabs.com/2012/01/honeypot-alert-is-human-wordpress-plugin-remote-command-execution-attack-detected.html
technical-description
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-alert-more-wordpress-is_human-plugin-remote-command-injection-attack-detected/
technical-description
https://www.vulncheck.com/advisories/wordpress-plugin-is-human-eval-injection-rce
third-party-advisory
Hyperlink: https://wordpress.org/plugins/is-human/
Resource:
product
Hyperlink: https://www.exploit-db.com/exploits/17299
Resource:
exploit
Hyperlink: https://web.archive.org/web/20120115212202/http://blog.spiderlabs.com/2012/01/honeypot-alert-is-human-wordpress-plugin-remote-command-execution-attack-detected.html
Resource:
technical-description
Hyperlink: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-alert-more-wordpress-is_human-plugin-remote-command-injection-attack-detected/
Resource:
technical-description
Hyperlink: https://www.vulncheck.com/advisories/wordpress-plugin-is-human-eval-injection-rce
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:15 Oct, 2025 | 02:15
Updated At:16 Oct, 2025 | 15:29

The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval() on user-controlled input, which can lead to execution of attacker-supplied PHP and OS commands. This may result in arbitrary code execution as the webserver user, site compromise, or data exfiltration. The is-human plugin was made defunct in June 2008 and is no longer available for download. This vulnerability was exploited in the wild in March 2012.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-95Secondarydisclosure@vulncheck.com
CWE ID: CWE-95
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://web.archive.org/web/20120115212202/http://blog.spiderlabs.com/2012/01/honeypot-alert-is-human-wordpress-plugin-remote-command-execution-attack-detected.htmldisclosure@vulncheck.com
N/A
https://wordpress.org/plugins/is-human/disclosure@vulncheck.com
N/A
https://www.exploit-db.com/exploits/17299disclosure@vulncheck.com
N/A
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-alert-more-wordpress-is_human-plugin-remote-command-injection-attack-detected/disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/wordpress-plugin-is-human-eval-injection-rcedisclosure@vulncheck.com
N/A
Hyperlink: https://web.archive.org/web/20120115212202/http://blog.spiderlabs.com/2012/01/honeypot-alert-is-human-wordpress-plugin-remote-command-execution-attack-detected.html
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://wordpress.org/plugins/is-human/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/17299
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/honeypot-alert-more-wordpress-is_human-plugin-remote-command-injection-attack-detected/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/wordpress-plugin-is-human-eval-injection-rce
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2025-12140
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-9.3||CRITICAL
EPSS-0.09% / 25.42%
||
7 Day CHG~0.00%
Published-27 Nov, 2025 | 14:01
Updated-01 Dec, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RCE in Wirtualna Uczelnia

The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the entered string of characters as a Java expression, allowing an unauthenticated attacer to perform arbitrary code execution. This issue was fixed in version wu#2016.1.5513#0#20251014_113353

Action-Not Available
Vendor-Simple SA
Product-Wirtualna Uczelnia
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2025-0868
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-9.3||CRITICAL
EPSS-15.90% / 94.83%
||
7 Day CHG~0.00%
Published-20 Feb, 2025 | 11:26
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Code Execution in DocsGPT

A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.. This issue affects DocsGPT: from 0.8.1 through 0.12.0.

Action-Not Available
Vendor-Arc53
Product-DocsGPT
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2026-44128
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
ShareView Details
Matching Score-4
Assigner-Switzerland National Cyber Security Centre (NCSC)
CVSS Score-9.3||CRITICAL
EPSS-0.43% / 63.02%
||
7 Day CHG+0.10%
Published-08 May, 2026 | 13:13
Updated-18 May, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated Remote Code Execution

SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint passes attacker-controlled input from a parameter to Perl's eval.

Action-Not Available
Vendor-SEPPmail AG
Product-Secure Email Gateway
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2026-44643
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.11% / 28.54%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 14:33
Updated-12 May, 2026 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Angular Expressions - Remote Code Execution using filters

Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox to execute arbitrary code on the system. This vulnerability is fixed in 1.5.2.

Action-Not Available
Vendor-peerigon
Product-angular-expressions
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2013-10051
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-75.81% / 98.93%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 20:41
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InstantCMS <= 1.6 Remote PHP Code Execution

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote attacker can exploit this flaw by sending a crafted HTTP GET request with a base64-encoded payload in the Cmd header, resulting in arbitrary PHP code execution within the context of the web server.

Action-Not Available
Vendor-instantcmsInstantCMS
Product-instantcmsInstantCMS
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CVE-2026-35002
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-9.3||CRITICAL
EPSS-0.43% / 62.44%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 14:34
Updated-16 Apr, 2026 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Agno < 2.3.24 field_type Eval Injection Arbitrary Code Execution

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the field_type parameter passed to eval(). Attackers can influence the field_type value in a FunctionCall to achieve remote code execution.

Action-Not Available
Vendor-agnoAgno
Product-agnoAgno
CWE ID-CWE-95
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Details not found