Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / New
Stats: 3,193,912 members, 7,952,675 topics. Date: Wednesday, 18 September 2024 at 08:53 PM

Wordpress Security: WP Mobile Detector Vulnerability Fixed - Webmasters - Nairaland

Nairaland Forum / Science/Technology / Webmasters / Wordpress Security: WP Mobile Detector Vulnerability Fixed (409 Views)

4 Best Wordpress Security Plugins For Wordpress Users In 2017 / How To Migrate Your Blog From Blogger To WP Without Loosing Traffic / Top 10 Advanced Wordpress Security Best Practices Tips (2) (3) (4)

(1) (Reply)

Wordpress Security: WP Mobile Detector Vulnerability Fixed by todhost(m): 10:07am On Jun 10, 2016
WordPress websites have very recently experienced an infection without any outdated plugin or known vulnerability. In this, it is a porn spam infection. Upon investigation, it's been discovered that that the common denominator across these WordPress sites was the plugin WP Mobile Detector that had a 0-day arbitrary file upload vulnerability disclosed on May 31st by the Plugin Vulnerabilities team. The plugin has since been removed from the WordPress repository. A patch to fix this vulnerability is now available.

How This Vulnerability is Exploited

The vulnerability is quite easy to exploit and requires the attacker to simply send a request to resize.php or timthumb.php (yes, timthumb, in this case it just includes resize.php), inside the plugin directory with the backdoor URL.

This WordPress vulnerability was publicly disclosed on May 31st, however Sucuri said this vulnerability had been on since May 27 according to reports from its logs.

Read full post on author's website: https://www.todhost.com/blog/wordpress-security-wp-mobile-detector-vulnerability-fixed.html

(1) (Reply)

FREE Social Media Account Set-up Graphic Design Banner / Will A Blogging About Phone Make Sence In Nigeria? / US Google Adsense With $45 For Sale

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10)

Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 9
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.