WordPress Plugin Vulnerabilities

WP Mobile Edition < 2.3 - Remote File Disclosure

Description

The plugin is not filtering data in GET parameter 'files' in file 'themes/mTheme-Unus/css/css.php'

Proof of Concept

Affects Plugins

Plugin icon
wp-mobile-edition
Fixed in 2.3

References

Exploitdb
36733
URL
auxiliary/scanner/http/wp_mobileedition_file_read

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
17fb9930-59e9-4d07-bbd1-d54eac111311

Timeline

Publicly Published
2015-04-13 (about 11 years ago)
Added
2015-04-14 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-06-13
Title
Folders <= 3.0 and Folders Pro <= 3.0.2 - Directory Traversal via handle_folders_file_upload
Published
2024-06-05
Title
Startklar Elementor Addons <= 1.7.15 - Unauthenticated Path Traversal to Arbitrary Directory Deletion
Published
2025-08-25
Title
Jannah < 7.5.1 - Unauthenticated Local File Inclusion
Published
2015-07-05
Title
WP e-Commerce Shop Styling <= 2.5 - Local File Inclusion
Published
2021-07-12
Title
UpdraftPlus < 1.16.59 - Admin+ Local File Inclusion