wordpress

2011-05-28

Page content

Author: Miklos Vajna
Vulnerable: 3.1.2-1nexon1
Unaffected: 3.1.3-1nexon1

neworder has discovered a vulnerability in the is_human() plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the “type” parameter in engine.php (when e.g. “action” is set to “log-reset”) is not properly verified before being used in an “eval()” function and can be exploited to inject and execute arbitrary PHP code.

Bug Tracker URL: http://bugs.frugalware.org/task/4496

CVEs:

No CVE yet, see http://wordpress.org/news/2011/05/wordpress-3-1-3/