WordPress WP Mobile Detector 3.5 Shell Upload

WP Mobile Detector Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/wp-mobile-detector/resize.php script does contains a remote file include for files not cached by the system already. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.
Source: WordPress WP Mobile Detector 3.5 Shell Upload

The post WordPress WP Mobile Detector 3.5 Shell Upload appeared first on MondoUnix.