Skip to main content

WordPress WP Mobile Detector Remote Code Execution Vulnerability

Last Update Date: 6 Jun 2016 09:36 Release Date: 6 Jun 2016 4039 Views

RISK: High Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

A vulnerability has been identified in WP Mobile Detector, a WordPress plugin. Exploitation of this vulnerability could allow an attacker to take control of an affected website.

 

Note: This vulnerability is currently being exploited in the wild.


Impact

  • Remote Code Execution

System / Technologies affected

  • WordPress WP Mobile Detector prior to 3.6

 


Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 3.6.
  • Disable the configuration option "allow_url_fopen" if it is not explicitly needed

 


Vulnerability Identifier

  • No CVE information is available

Source


Related Link