Vulnerability found in WP Mobile Detector plugin for WordPress

Our security team have reported a new vulnerability found in a commonly used WordPress plugin, called WP Mobile Detector. We are hearing that;

“The plugin has a new Zero Day vulnerability allowing attacker to exploit a Arbitrary File Upload (AFU) vulnerability. The plugin has been removed from the WordPress repository and does not have an active patch available.”

Amazingly. the issue seems to be the old TimThumb issue where a hacker can send a certain request to the timthumb file and hey presto they have access to your files and hosting account.

It seems that attackers have been using this vulnerability to inject SEO spam into websites all over the internet, so if you notice links appearing on pages that you didnt add its likely you’re infected.

Contact your support team today.

Leave a Reply

Your email address will not be published. Required fields are marked *