WordPress Last.FM Rotation Plugin <= 3.3 - Local File Inclusion

Back

WordPress Last.FM Rotation Plugin <= 3.3 - Local File Inclusion

Product: Last.FM Rotation
Description: Because of this vulnerability in lastfm-proxy.php, the attackers can read arbitrary files in the "snode" parameter.
Solution: Update the plugin.
Classification: Type Local File Inclusion
References: CVE Mitre
CVE: Name CVE-2014-5181
Versions: Affected In <= 1.0
Fixed In 1.1
Disclosure date: 2014-08-06
Credits: Anant Shrivastava