WP Mobile Detector WordPress Plugin Arbitrary File Upload Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in the WP Mobile Detector plugin for WordPress, affecting versions through 3.5. The issue arises from inadequate file type validation in the resize.php file, enabling unauthenticated attackers to upload arbitrary files to the server. This vulnerability could potentially lead to remote code execution.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, which could be used to execute malicious code on the server.

Reproduction

To reproduce this vulnerability, send a POST request to 'wp-content/plugins/wp-mobile-detector/resize.php' with a URL pointing to the file to be uploaded. The uploaded file will be saved in the 'cache' directory within the WP Mobile Detector plugin folder. This vulnerability can be exploited by uploading a PHP shell script disguised as an image file.

Remediation

Users are advised to update the WP Mobile Detector plugin to version 3.6 or later. If the plugin is not needed, it can be removed or deactivated.