Arbitrary File Upload Risk in WP Mobile Detector Plugin for WordPress
CVE-2016-15043

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WP Mobile Detector
Vendor: CVE Published:; 19 July 2025

What is CVE-2016-15043?

The WP Mobile Detector plugin for WordPress contains a significant flaw allowing unauthorized file uploads due to inadequate validation in the resize.php file. This vulnerability, found in versions up to and including 3.5, enables unauthenticated attackers to exploit the weakness, which can lead to unauthorized access and potentially facilitate remote code execution on affected servers.

Affected Version(s)

WP Mobile Detector * <= 3.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://blog.sucuri.net/2016/06/wp-mobile-detector-vulner...

https://www.pluginvulnerabilities.com/2016/05/31/aribitra...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 19, 2025
Vulnerability Reserved
Jul 18, 2025

Credit

Aaditya Purani