Unrated severityNVD Advisory· Published Aug 6, 2014· Updated May 6, 2026

CVE-2014-5181

Description

Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snode parameter.

Affected products

Last.fm Rotation Plugin Project/Lastfm Rotation Plugin
cpe:2.3:a:last.fm_rotation_plugin_project:lastfm-rotation_plugin:1.0:*:*:*:*:wordpress:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

codevigilant.com/disclosure/wp-plugin-lastfm-rotation-local-file-inclusionnvdExploit

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000