CVE-2018-16283

Published: 24/09/2018 Updated: 14/11/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 756
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Wechat Broadcast plugin 1.2.0 and previous versions for WordPress allows Directory Traversal via the Image.php url parameter.

Vulnerable Product

wechat brodcast project wechat brodcast

Exploits

# Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
# Author: Manuel Garcia Cardenas
# Date: 2018-09-19
# Software link: es.wordpress.org/plugins/wechat-broadcast/
# CVE: CVE-2018-16283
# Description
# This bug was found in the file: /wechat-broadcast/wechat/Image.php
# echo file_get_contents(isset($_GET["url"]) ...

Mailing Lists

=============================================
MGC ALERT 2018-005
- Original release date: August 31, 2018
- Last revised: September 19, 2018
- Discovered by: Manuel García Cárdenas
- Severity: 9/10 (CVSS Base Score)
- CVE-ID: CVE-2018-16283
=============================================
I. VULNERABILITY
-------------------------
WordPress Plugin ...

Github Repositories

Collection of WordPress Plugin PoC - For Educational Purposes ONLY

WordPress Plugin PoCs
WordPress Plugin PoCs based on 1-Day WordPress Plugin Vulnerability
⚠️ Legal Disclaimer - Use At Your Own Risk ⚠️
This project is made for EDUCATIONAL and ETHICAL TESTING purposes ONLY. Using of source code in this repository for attacking targets without prior mutual consent is ILLEGAL. I take NO responsibility and/or liability for how you choose

cve-2018-16283

CVE-2018-16283
This is part of Cved: a tool to manage vulnerable docker containers.
Cved: github.com/git-rep-src/cved
Image source: github.com/cved-sources/cve-2018-16283
Image author: github.com/cved-sources/cve-2018-16283
