Friday, 3 June 2016

[Security Disclosure] WP Mobile Detector Vulnerability Being Exploited in the Wild

We are reaching out to you today because we have noticed an increase in the number of websites infected with SEO spam, and the attack vector is the WP Mobile Detector plugin. The plugin has a new zero-day Arbitrary File Upload (AFU) vulnerability that attackers are exploiting. The plugin has been removed from the WordPress repository and does not have an active patch available.

The zero day was disclosed May 31st, and we were able to track live attacks going back to May 27th. All customers using the Sucuri Firewall have been protected since May 27th. We have actively tested the most popular application-level security plugins for WordPress, and the exploits are evading their prevention controls.

The plugin has since been removed from the WordPress repository and no patches are available.

The vulnerability is very easy to exploit. All the attacker needs to do is send a request, carrying the backdoor URL, to resize.php or timthumb.php inside the plugin directory (yes, timthumb; in this case it just includes resize.php).
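To check your own access logs for requests of the shape described above, here is a small scanner, added as an example and not taken from the original advisory. It assumes Combined Log Format and the plugin directory name wp-mobile-detector (not given in this email); the sample log lines, parameter name and host are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: the plugin's directory name under wp-content/plugins (not given in the advisory).
PLUGIN_DIR = "wp-mobile-detector"
TARGET_SCRIPTS = {"resize.php", "timthumb.php"}  # the two entry points named above

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
URL_RE = re.compile(r"^\s*(?:https?|ftp)://", re.I)


def remote_url_values(query):
    """Query values that decode to a remote URL, whatever the parameter is called."""
    hits = []
    for _name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; unquote again to catch double-encoded values.
        hits += [c for c in (value, unquote(value)) if URL_RE.match(c)][:1]
    return hits


def suspicious_requests(lines):
    """Return (ip, time, status, script, urls) for each request matching the pattern."""
    found = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        segments = [s for s in unquote(parts.path).lower().split("/") if s]
        if not segments or segments[-1] not in TARGET_SCRIPTS:
            continue
        if PLUGIN_DIR not in segments[:-1]:
            continue
        urls = remote_url_values(parts.query)
        if urls:
            found.append((m["ip"], m["time"], int(m["status"]), segments[-1], urls))
    return found


# Constructed sample lines (documentation IPs, placeholder parameter name and host).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/May/2016:10:12:01 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?PARAM=http%3A%2F%2Fexample.invalid%2Ffile.txt HTTP/1.1" 200 12',
    '198.51.100.4 - - [27/May/2016:10:13:44 +0000] "GET /wp-content/plugins/wp-mobile-detector/timthumb.php?PARAM=http://example.invalid/file.txt HTTP/1.1" 200 12',
    '198.51.100.9 - - [27/May/2016:10:14:02 +0000] "GET /wp-content/plugins/wp-mobile-detector/resize.php?PARAM=images/logo.png HTTP/1.1" 200 512',
    '198.51.100.9 - - [27/May/2016:10:15:30 +0000] "GET /index.php?ref=http://example.org/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A match shows that such a request was made, not that the site was compromised; the status code is returned to help with triage.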

If you are using this plugin, it's imperative that you remove it from your environment and find a suitable replacement.

Websites behind the Sucuri Firewall have been protected against this threat
via our Virtual Hardening / Patching technology. 

This email does not mean you are affected!

Being proactive in the protection of your site is one of the most important aspects of having a solid security posture. Therefore, we feel it's important to research and report on all potential threats as quickly as possible.
- Your Sucuri Security Team
Sucuri Labs
Copyright © 2016 Sucuri Security, All rights reserved.