Unrated severityNVD Advisory· Published Jul 19, 2025· Updated Apr 8, 2026

WP Mobile Detector <= 3.5 - Arbitrary File Upload

CVE-2016-15043

Description

The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

Affected products

WP Mobile Detector/WP Mobile Detectorllm-create
Range: <=3.5
Websitez.com, LLC/WP Mobile Detectorv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

aadityapurani.com/2016/06/03/mobile-detector-poc/mitre
blog.sucuri.net/2016/06/wp-mobile-detector-vulnerability-being-exploited-in-the-wild.htmlmitre
wordpress.org/plugins/wp-mobile-detector/changelog/mitre
wpscan.com/vulnerability/e4739674-eed4-417e-8c4d-2f5351b057cfmitre
www.pluginvulnerabilities.com/2016/05/31/aribitrary-file-upload-vulnerability-in-wp-mobile-detector/mitre
www.wordfence.com/threat-intel/vulnerabilities/id/5a5d5dbd-36f0-4886-adf8-045ec9c2e306mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.068
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000