CVE-2016-15043
WP Mobile Detector <= 3.5 - Arbitrary File Upload
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
| CWE | CWE-434 |
| Vendor | websitez.com, llc |
| Product | wp mobile detector |
| Published | Jul 19, 2025 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for websitez.com, llc wp mobile detector
Be the first to know when new critical vulnerabilities affecting websitez.com, llc wp mobile detector are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
Websitez.com, LLC / WP Mobile Detector
0 โค 3.5
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/5a5d5dbd-36f0-4886-adf8-045ec9c2e306?source=cve blog.sucuri.net: https://blog.sucuri.net/2016/06/wp-mobile-detector-vulnerability-being-exploited-in-the-wild.html pluginvulnerabilities.com: https://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-detector/ wordpress.org: https://wordpress.org/plugins/wp-mobile-detector/changelog/ wpscan.com: https://wpscan.com/vulnerability/e4739674-eed4-417e-8c4d-2f5351b057cf aadityapurani.com: https://aadityapurani.com/2016/06/03/mobile-detector-poc/
Credits
Aaditya Purani