Vulnerability Details CVE-2018-16283
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.851
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://seclists.org/fulldisclosure/2018/Sep/32
- https://github.com/springjk/wordpress-wechat-broadcast/issues/14
- https://wpvulndb.com/vulnerabilities/9132
- https://www.exploit-db.com/exploits/45438/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/150202
- http://seclists.org/fulldisclosure/2018/Sep/32
- https://github.com/springjk/wordpress-wechat-broadcast/issues/14
- https://wpvulndb.com/vulnerabilities/9132
- https://www.exploit-db.com/exploits/45438/
Products affected by CVE-2018-16283
-
cpe:2.3:a:wechat_brodcast_project:wechat_brodcast:*