Zero-day vulnerabilities discovered: 1
Arbitrary file upload
The vulnerability allows a remote attacker to upload arbitrary files to compromise the target system.Researchers at Sucuri said that attacks against WordPress sites running the plugin started on May 26.
Software: WP Mobile detector
Links:
https://www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-d...
https://threatpost.com/wordpress-patches-zero-day-in-wp-mobile-detector-plugin/118458/ https://www.recoverwp.com/en/arbitrary-file-upload-vulnerability-in-wp-mobile-detector/
https://blog.sucuri.net/2016/06/wp-mobile-detector-vulnerability-being-exploited-in-the-wild.html
http://news.softpedia.com/news/wordpress-sites-under-attack-from-new-zero-day-in-wp-mobile-detector-...
https://vulners.com/threatpost/WORDPRESS-PATCHES-ZERO-DAY-IN-WP-MOBILE-DETECTOR-PLUGIN/118458
http://www.spamfighter.com/News-20313-WordPress-Websites-Being-Assaulted-Through-Fresh-0-Day-within-...
http://www.builditdigital.com/blog/wp-mobile-detector-plugin-makes-over-10-000-wordpress-sites-vulne...
http://www.zdnet.com/article/over-10000-wordpress-sites-vulnerable-to-exploit/