CVE-2016-15043
Published 2025-07-19

CVE-2016-15043: The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to…

Priority P184 · critical 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 10.03% (95.0th percentile)
The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| websitez.com_llc | wp_mobile_detector | <= 3.5 | — |
| wp_mobile_detector_project | wp_mobile_detector | <= 3.5 | — |
Detection & IOCs (extracted from sources)

YARA rule (the version-string regex and the digest are the same ones that appear in the Nuclei template fragment below; the original `condition: and` was an extraction artifact and has been corrected to reference the string):

```yara
rule WP_Mobile_Detector
{
    strings:
        // Plugin version string as it appears in HTTP responses
        $s = /WP Mobile Detector (.*?)'/
    condition:
        $s
}
// digest: 4b0a004830460221008d999a3a06ab2d4bf73bde945f13c526fb201d13d41b06135d5e1d071fe94694022100b7218272a817a413dd50663ad1fe9a014c29de7f7f7ebc3e377a7569c2cd5433:922c64590222798bb761d5b6d8e72950
```

- Monitor for unauthenticated POST requests to /wp-content/plugins/wp-mobile-detector/resize.php, particularly those uploading .php files, as this is the vulnerable endpoint used for arbitrary file upload and remote code execution.
- Alert on direct HTTP GET requests to newly uploaded .php files under the wp-mobile-detector plugin directory, which indicates post-upload execution of a webshell.
- Fingerprint vulnerable installations by detecting the WP Mobile Detector plugin version string in HTTP responses (versions up to and including 3.5).
- The vulnerability is exploitable by unauthenticated attackers, meaning no credentials or session tokens are required — perimeter authentication controls alone are insufficient mitigation.
- The file upload flaw stems from missing file type validation in resize.php; WAF rules should specifically block PHP file uploads to this endpoint rather than relying on generic upload filters.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 9.8 | CRITICAL | — |
GHSA

GHSA-26vv-h7j3-gv3q · ghsa_unreviewed · 2025-07-19 · CVE-2016-15043 [CRITICAL] · CWE-434

The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.
VulnCheck

CVE-2016-15043 [CRITICAL] · vulncheck · 2016 · CVSS 9.8

wp_mobile_detector_project wp_mobile_detector: Unrestricted Upload of File with Dangerous Type

The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible.

Affected: wp_mobile_detector_project wp_mobile_detector

Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Exploitation References:
- https://wpscan.com/vulnerability/e4739674-eed4-417e-8c4d-2f5351b057cf/
- https://app.crowdsec.net/cti/cve-explorer/CVE-2016-15043

No detection rules found.
Nuclei

CVE-2016-15043 [CRITICAL] · nuclei · CVSS 9.8

WP Mobile Detector <= 3.5 - Unrestricted File Upload

Only the tail of the template survived extraction (the matcher and extractor lines preceding it are not on this page):

```yaml
WP Mobile Detector (.*?)', body)
condition: and
# digest: 4b0a004830460221008d999a3a06ab2d4bf73bde945f13c526fb201d13d41b06135d5e1d071fe94694022100b7218272a817a413dd50663ad1fe9a014c29de7f7f7ebc3e377a7569c2cd5433:922c64590222798bb761d5b6d8e72950
```
Metasploit

WordPress WP Mobile Detector 3.5 Shell Upload (metasploit)

The WP Mobile Detector plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. The flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script contains a remote file include for files not already cached by the system. When a .php file is uploaded, the remote system places the file in a user-accessible path, and a direct request to the uploaded file allows the attacker to execute the script with the privileges of the web server.
No writeups or analysis indexed.
References:
- https://aadityapurani.com/2016/06/03/mobile-detector-poc/
- https://blog.sucuri.net/2016/06/wp-mobile-detector-vulnerability-being-exploited-in-the-wild.html
- https://wordpress.org/plugins/wp-mobile-detector/changelog/
- https://wpscan.com/vulnerability/e4739674-eed4-417e-8c4d-2f5351b057cf
- https://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-detector/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d5dbd-36f0-4886-adf8-045ec9c2e306?source=cve