Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

WordPress Plugin Is-Human Eval Injection Vulnerability Leading to Remote Code Execution

Vulnerability

A vulnerability allowing eval injection has been identified in the WordPress plugin 'is-human' versions through 1.4.2. This vulnerability resides in the file '/is-human/engine.php' and can be exploited by manipulating the 'type' parameter while the 'action' parameter is set to 'log-reset'. The issue stems from the unsafe use of the eval() function on user-controlled input, which could lead to the execution of arbitrary PHP code and OS commands. Exploitation of this vulnerability could result in arbitrary code execution on the server, site compromise, or unauthorized data access. The 'is-human' plugin has been discontinued since June 2008 and is no longer available for download.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the server, with the executed code running as the web server user. This could lead to a complete compromise of the affected WordPress site.

Reproduction

To reproduce this vulnerability, send a GET request to '/wp-content/plugins/is-human/engine.php' with the 'action' parameter set to 'log-reset' and the 'type' parameter containing the payload. The payload should include a crafted PHP code injection that exploits the eval() function, such as a base64-encoded command that, once decoded, executes a command on the server.
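
A defender-side check for the request shape described above, added here as an example and not part of the original advisory: it scans web server access logs (Combined Log Format assumed) for requests to the is-human engine.php endpoint and flags those carrying action=log-reset together with a non-empty type parameter. The log lines are constructed samples, not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Oct/2025:02:27:01 +0000] "GET /wp-content/plugins/is-human/engine.php?action=log-reset&type=REDACTED HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.11 - - [15/Oct/2025:02:28:14 +0000] "GET /wp-content/plugins/is-human/engine.php?action=log-view HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.5 - - [15/Oct/2025:02:29:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Minimal Combined Log Format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

VULN_PATH = "/wp-content/plugins/is-human/engine.php"


def classify(target):
    """Return 'exploit_attempt', 'plugin_access' or None for one request target."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(VULN_PATH):
        return None
    # parse_qs percent-decodes values, so an encoded 'type' still counts as present.
    qs = parse_qs(parts.query, keep_blank_values=True)
    actions = [a.lower() for a in qs.get("action", [])]
    if "log-reset" in actions and any(qs.get("type", [])):
        return "exploit_attempt"
    # The plugin has been discontinued since 2008, so any hit on it deserves a look.
    return "plugin_access"


def scan_log(text):
    """Scan log text and return one finding per request that touches the plugin."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify(m["target"])
        if verdict:
            # A 200 on an exploit_attempt means the endpoint answered; a 404 means the plugin is absent.
            findings.append({"ip": m["ip"], "ts": m["ts"], "verdict": verdict, "status": int(m["status"])})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Only the endpoint and the two parameter names are matched; the flagged requests still need a look at the actual type value and the server response before treating the host as compromised.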

Added: Oct 15, 2025, 2:27 AM
Updated: Oct 15, 2025, 2:27 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 9.1
remediation: 0.0
relevance: 0.7
threat: 8.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.