Security for everyone

CVE-2018-16283 Scanner

Detects 'Directory Traversal' vulnerability in Wechat Broadcast plugin for WordPress affects v. 1.2.0 and earlier.


Short Info



Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one




The Wechat Broadcast plugin for WordPress is a tool that enables website owners to quickly and conveniently send mass notifications to their users via the WeChat messaging service. With this plugin, website administrators can easily broadcast important updates, promotions, and other announcements to their followers. It is a popular plugin and has been widely used by businesses, bloggers, and developers all over the world.

However, users of the Wechat Broadcast plugin need to be aware of the CVE-2018-16283 vulnerability that affects versions 1.2.0 and earlier. This vulnerability allows an attacker to perform directory traversal attacks, which means that they can access files and folders outside of the expected directory. Attackers can exploit this vulnerability by appending "../" to the Image.php URL parameter, which allows them to access sensitive files that should not be publicly accessible.

The exploitation of CVE-2018-16283 could lead to several security risks for websites that use the Wechat Broadcast plugin. Attackers could access password files, configuration files, and other sensitive data, which can lead to data breaches or system misuse. Furthermore, attackers could modify and replace essential files, which can lead to website downtime or even complete destruction of the website.

In conclusion, the Wechat Broadcast plugin for WordPress is a useful tool that can simplify website communication with users. However, users need to be aware of the CVE-2018-16283 vulnerability and take the necessary precautions to protect against it. With the pro features of the platform, website owners can quickly and easily learn about vulnerabilities in their digital assets and take measures to improve their website security.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture