CVE-2016-15043

WP Mobile Detector <= 3.5 - Arbitrary File Upload

CVSS 9.8 CRITICALEPSS 10.0%CWE-434

Vexday Risk Score

48Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 9.8EPSS 10.0%KEV nãoPoC —Nuclei simMetasploit simPatch —

Ciclo de vida

31 may 2016Exploit Metasploit disponible

19 jul 2025Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Websitez.com, LLC · WP Mobile Detector

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://aadityapurani.com/2016/06/03/mobile-detector-poc/https://blog.sucuri.net/2016/06/wp-mobile-detector-vulnerability-being-exploited-in-the-wild.html https://wordpress.org/plugins/wp-mobile-detector/changelog/https://wpscan.com/vulnerability/e4739674-eed4-417e-8c4d-2f5351b057cf https://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-detector/https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d5dbd-36f0-4886-adf8-045ec9c2e306?source=cve