Sucuri has released a WordPress plugin Vulnerability Alert for a 0-Day Exploit of the Mobile Detector Plugin
Quote:
WP Mobile Detector Vulnerability Being Exploited in the Wild
...the plugin WP Mobile Detector that had a 0-day arbitrary file upload vulnerability disclosed on May 31st.
The plugin has since been removed from the WordPress repository and no patches are available.
|
https://blog.sucuri.net/2016/06/wp-m...-the-wild.html
As noted this Plugin has been removed from the WordPress site and as of this
time no update is available. Anyone that has this plugin installed should immediately
take steps to remove the plugin from their WordPress installation.
As always FutureQuest encourages anyone running any scripts, such as
WordPress, to ensure they maintain the most up to date version and install
any patches released to reduce the chances of a compromise of your site.
This also includes any plugins, addons and themes...
It is always best to subscribe to any Security or Update mailing list provided
by the Authors of the script(s) you are running.
The FutureQuest Team
