CVE-2018-16283

CRITICAL NUCLEI LAB

Wechat Brodcast < 1.2.0 - Path Traversal

Title source: rule

Description

The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.

Exploits (2)

exploitdb WORKING POC
by Manuel García Cárdenas · textwebappsphp
https://www.exploit-db.com/exploits/45438
nomisec WORKING POC
by cved-sources · poc
https://github.com/cved-sources/cve-2018-16283

Nuclei Templates (1)

WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
CRITICALby 0x240x23elu

References (5)

Scores

CVSS v3 9.8
EPSS 0.7730
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY
Community Lab
docker pull cved/base-wordpress

Details

CWE
CWE-22
Status published
Products (1)
wechat_brodcast_project/wechat_brodcast < 1.2.0
Published Sep 24, 2018
Tracked Since Feb 18, 2026