CVE-2016-15043
published 2025-07-19

Priority: P184 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 10.03% (95.0th percentile)

The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| websitez.com_llc | wp_mobile_detector | <= 3.5 | |
| wp_mobile_detector_project | wp_mobile_detector | <= 3.5 | |

Detection & IOCs (extracted from sources)

path: /wp-content/plugins/wp-mobile-detector/resize.php

yara:

    rule WP_Mobile_Detector
    {
        strings:
            // Plugin name followed by its version string, up to the closing quote
            $s = /WP Mobile Detector (.*?)'/
        condition:
            $s
    }

  • Monitor for unauthenticated POST requests to /wp-content/plugins/wp-mobile-detector/resize.php, particularly those uploading .php files, as this is the vulnerable endpoint used for arbitrary file upload and remote code execution.
  • Alert on direct HTTP GET requests to newly uploaded .php files under the wp-mobile-detector plugin directory, which indicates post-upload execution of a webshell.
  • Fingerprint vulnerable installations by detecting the WP Mobile Detector plugin version string in HTTP responses (versions up to and including 3.5).
  • The vulnerability is exploitable by unauthenticated attackers, meaning no credentials or session tokens are required; perimeter authentication controls alone are insufficient mitigation.
  • The file upload flaw stems from missing file type validation in resize.php; WAF rules should specifically block PHP file uploads to this endpoint rather than relying on generic upload filters.
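
The first two monitoring points above can be run over web server access logs. The following is an added example, not part of the original entry or of any vendor tooling: it assumes Combined Log Format, and the `BASELINE_PHP` allowlist, rule names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

PLUGIN_DIR = "/wp-content/plugins/wp-mobile-detector/"
UPLOAD_ENDPOINT = PLUGIN_DIR + "resize.php"
# Assumption: PHP files shipped with the plugin, listed by the operator from a
# clean copy of the installed version. Only resize.php is named on this page.
BASELINE_PHP = {"resize.php"}

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def scan(lines):
    """Return (line_no, rule, client_ip, path) for each suspicious request."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log entry
        # Drop the query string, decode %XX and fold repeated slashes so that
        # trivially rewritten paths still match.
        path = re.sub(r"/+", "/", unquote(urlsplit(m["target"]).path))
        lower = path.lower()
        if m["method"] == "POST" and lower == UPLOAD_ENDPOINT:
            findings.append((no, "post-to-resize", m["ip"], path))
        elif (m["method"] == "GET" and m["status"].startswith("2")
              and lower.startswith(PLUGIN_DIR) and lower.endswith(".php")
              and lower[len(PLUGIN_DIR):] not in BASELINE_PHP):
            findings.append((no, "unknown-php-served", m["ip"], path))
    return findings

# Constructed sample log (documentation IP ranges, made-up file names).
P = "/wp-content/plugins/wp-mobile-detector"
T = "[19/Jul/2025:10:00:01 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {T} "POST {P}/resize.php HTTP/1.1" 200 12 "-" "-"',
    f'203.0.113.7 - - {T} "GET {P}/sample-upload.php HTTP/1.1" 200 5 "-" "-"',
    f'198.51.100.4 - - {T} "GET {P}/resize.php HTTP/1.1" 200 0 "-" "-"',
    f'198.51.100.4 - - {T} "GET {P}/missing.php HTTP/1.1" 404 0 "-" "-"',
    f'192.0.2.10 - - {T} "GET /index.php HTTP/1.1" 200 900 "-" "-"',
    f'192.0.2.10 - - {T} "GET /wp-content/plugins//wp-mobile-detector/Sample-Upload.PHP HTTP/1.1" 200 5 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Access logs do not record request bodies, so the POST rule cannot tell whether a .php file was uploaded; correlate its hits with the second rule or with file-integrity monitoring of the plugin directory.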

CVSS provenance

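| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | | 9.8 | CRITICAL | |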