PT-2025-30129 · WordPress · Wp Mobile Detector

Published

2025-07-19

Updated

2025-12-16

CVE-2016-15043

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WP Mobile Detector versions up to and including 3.5

Description The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resize.php file. This allows unauthenticated attackers to upload arbitrary files to the affected server, potentially leading to remote code execution.

Recommendations Update WP Mobile Detector to a version newer than 3.5.

Exploit

Fix

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2016-15043

Affected Products

Wp Mobile Detector

PT-2025-30129 · WordPress · Wp Mobile Detector

CVE-2016-15043

Weakness Enumeration

Related Identifiers

Affected Products

References · 11