CVE-2015-1579

Currently unrated

Key Information:

Vendor
Wordpress
Status
Divi
Vendor
CVE Published:
11 February 2015

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 53%

Summary

Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

WordPressMassExploiter
Created by paralelo14

CVE-2015-1579
Created by paralelo14

References

https://wpvulndb.com/vulnerabilities/7540
x_refsource_MISC
http://www.exploit-db.com/exploits/36039
exploitx_refsource_EXPLOIT-DB

EPSS Score

53% chance of being exploited in the next 30 days.

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.