{"id":"CVE-2018-16283","details":"The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.","modified":"2026-04-02T00:55:26.029287Z","published":"2018-09-24T22:29:00.957Z","references":[{"type":"ADVISORY","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/150202"},{"type":"REPORT","url":"https://github.com/springjk/wordpress-wechat-broadcast/issues/14"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2018/Sep/32"},{"type":"EVIDENCE","url":"https://wpvulndb.com/vulnerabilities/9132"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/45438/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/springjk/wordpress-wechat-broadcast","events":[{"introduced":"0"},{"last_affected":"1fd0261904dd41d11be25b4557eca7f1ca68584a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.2.0"}]}}],"versions":["v1.0.0-beta","v1.1.2","v1.2.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16283.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}