ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Last.FM Rotation Plugin <= 3.3 - Local File Inclusion

Product
Last.FM Rotation
Description
Because of this vulnerability in lastfm-proxy.php, the attackers can read arbitrary files in the "snode" parameter.
Solution
Update the plugin.
Classification
Type Local File Inclusion
References
CVE Mitre
CVE
Name CVE-2014-5181
Versions
Affected In <= 1.0
Fixed In 1.1
Disclosure date
2014-08-06
Credits
Anant Shrivastava