CVE-2014-9734
published 2015-06-30


Priority: P2 (73)
Severity: medium, CVSS 2.0 base score 5.0
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 20.63% (97.2th percentile)
Directory traversal vulnerability in the Slider Revolution (revslider) plugin before 4.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php.

Affected (1 range)

Vendor      Product            Version range   Fixed in
themepunch  slider_revolution  <= 4.1.4

Detection & IOCs (extracted from sources)

url:  /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
url:  /blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
path: /wp-admin/admin-ajax.php
path: ../wp-config.php
  • Detect exploitation attempts by monitoring GET requests to wp-admin/admin-ajax.php containing the 'action=revslider_show_image' parameter combined with directory traversal sequences in the 'img' parameter (e.g., '../').
  • Successful exploitation will return wp-config.php contents; look for the strings 'DB_NAME', 'DB_PASSWORD', and 'DB_USER' appearing together in the HTTP response body.
  • Use the Google dork 'inurl:/wp-content/plugins/revslider' to identify potentially vulnerable WordPress installations exposed on the internet.
  • The vulnerability is unauthenticated (no WordPress login required); any remote attacker can trigger the revslider_show_image AJAX action without authentication.
  • This CVE (CVE-2014-9734) may be a duplicate of CVE-2015-1579; both describe the same directory traversal via revslider_show_image in wp-admin/admin-ajax.php. Detection rules targeting either CVE cover the same attack vector.
  • The affected version ceiling is Slider Revolution Responsive <= 4.1.4; installations running versions above this threshold are not vulnerable to this specific path traversal.
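Detection logic for the two monitoring bullets above, as an added example that is not part of this CVE record: it parses constructed common-log-format lines, flags revslider_show_image requests whose img parameter carries a traversal sequence (also catching percent-encoded and double-encoded variants, which goes beyond the record's literal '../'), and checks a response body for the three wp-config.php constants named in the record.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # a ".." path segment
# Common/combined log format: client ip, timestamp, "METHOD url PROTO", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def is_revslider_traversal(url: str) -> bool:
    """True when url is a revslider_show_image call whose img parameter holds a
    traversal sequence. img is percent-decoded twice so %2e%2e and double-encoded
    forms are caught too (an extension beyond the plain '../' in the record)."""
    parts = urlsplit(url)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    qs = parse_qs(parts.query, keep_blank_values=True)
    if "revslider_show_image" not in qs.get("action", []):
        return False
    return any(TRAVERSAL.search(unquote(unquote(v))) for v in qs.get("img", []))

def response_leaks_wp_config(body: str) -> bool:
    """Success indicator from the record: the three constants appear together."""
    return all(k in body for k in ("DB_NAME", "DB_PASSWORD", "DB_USER"))

def scan_access_log(lines):
    """Return (client_ip, status, url) for each log line that is an attempt."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_revslider_traversal(m.group(3)):
            hits.append((m.group(1), int(m.group(4)), m.group(3)))
    return hits

# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Jun/2015:10:00:01 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 2914',
    '203.0.113.5 - - [30/Jun/2015:10:00:02 +0000] "GET /blog/wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=%2e%2e%2fwp-config.php HTTP/1.1" 200 2914',
    '198.51.100.7 - - [30/Jun/2015:10:00:03 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=revslider_show_image&img=uploads/slide1.jpg HTTP/1.1" 200 48211',
    '198.51.100.7 - - [30/Jun/2015:10:00:04 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=heartbeat HTTP/1.1" 200 31',
]

if __name__ == "__main__":
    for ip, status, url in scan_access_log(SAMPLE_LOG):
        print(f"{ip} HTTP {status} {url}")
```

A 200 status on a flagged request is only a hint; confirm a real leak by checking the stored response body with response_leaks_wp_config where the proxy or WAF retains it.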

CVSS provenance

nvd (v2.0):  5.0 MEDIUM  AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck:   5.0 MEDIUM