EIP-2026-114221

PRE-CVE

WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114221. PoCs published by Aaditya Purani.

AI-analyzed exploit summary The exploit demonstrates an arbitrary file upload vulnerability in WP Mobile Detector <=3.5, allowing attackers to upload malicious PHP files via the 'resize.php' script. The uploaded file is saved in the cache directory, enabling remote code execution.

Description

WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aaditya Purani · textwebappsphp

https://www.exploit-db.com/exploits/39891

View Code ZIP pw:eip

The exploit demonstrates an arbitrary file upload vulnerability in WP Mobile Detector <=3.5, allowing attackers to upload malicious PHP files via the 'resize.php' script. The uploaded file is saved in the cache directory, enabling remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: WP Mobile Detector <=3.5

No auth needed

Prerequisites: Access to the target WordPress site with WP Mobile Detector <=3.5 installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026