CVE-2014-5181

NUCLEI

Last.fm Rotation Plugin Lastfm-rotation Plugin - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.

Nuclei Templates (1)

Last.fm Rotation 1.0 - Path Traversal

MEDIUMby DhiyaneshDK

References (1)

[Exploit] http://codevigilant.com/disclosure/wp-plugin-lastfm-rotation-local-file-inclusion

Scores

EPSS 0.0023

EPSS Percentile 46.0%

Details

CWE

CWE-22

Status published

Products (1)

last.fm_rotation_plugin_project/lastfm-rotation_plugin 1.0

Published Aug 06, 2014

Tracked Since Feb 18, 2026