CVE-2018-20463

HIGH EXPLOITED NUCLEI

jsmol2wp 1.07 - Path Traversal and Server-Side Request Forgery via jsmol.php query Parameter

Exploitation Summary

CVE-2018-20463 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Henry4E36. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a README describing an arbitrary file read vulnerability in WordPress JSmol2WP Plugin 1.07. It provides usage instructions for a Python script (not included) to exploit CVE-2018-20463.

Description

An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF.

Exploits (1)

nomisec WRITEUP 2 stars
by Henry4E36 · poc
https://github.com/Henry4E36/CVE-2018-20463

Classification
Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: WordPress JSmol2WP Plugin 1.07
No auth needed
Prerequisites: Target running vulnerable WordPress JSmol2WP Plugin 1.07
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

WordPress JSmol2WP <=1.07 - Local File Inclusion
HIGH VERIFIED by vinit989

Scores

CVSS v3: 7.5
EPSS: 0.1343
EPSS Percentile: 95.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV: 2024-09-19
CWE: CWE-22
Status: published
Products (1): jsmol2wp_project/jsmol2wp 1.07
Published: Dec 25, 2018
Tracked Since: Feb 18, 2026