Our security team have reported a new vulnerability found in a commonly used WordPress plugin, called WP Mobile Detector. We are hearing that;
“The plugin has a new Zero Day vulnerability allowing attacker to exploit a Arbitrary File Upload (AFU) vulnerability. The plugin has been removed from the WordPress repository and does not have an active patch available.”
Amazingly. the issue seems to be the old TimThumb issue where a hacker can send a certain request to the timthumb file and hey presto they have access to your files and hosting account.
It seems that attackers have been using this vulnerability to inject SEO spam into websites all over the internet, so if you notice links appearing on pages that you didnt add its likely you’re infected.
Contact your support team today.