wp-plugin : lastfm-rotation – Local File Inclusion


Plugin Details


Plugin Name : lastfm-rotation


Affected Version : 1.0 (and most probably lower versions, if any)

Vulnerability : Local File Inclusion
Identified by : Anant Shrivastava



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :



Vulnerable Parameter : snode



Disclosure Timeline


Vendor Contacted : 2014-02-19

Plugin Status : Closed
Public Disclosure : May 28, 2014
CVE Number : Not assigned yet

Plugin Description :
Last.fm Rotation will display the covers for the albums you have had in heavy rotation over the last week. It uses
the Last.fm API via AJAX to fetch the data and includes a functional (albeit crude) caching mechanism to improve
performance. You can make sure Last.fm gets updated with music played from different sources by utilizing one of the many
scrobbler plugins available. For example, I use Rhapsody for music streaming, and therefore decided to use Rhobbler
to make sure that Last.fm has a complete profile on my listening habits. Please send feedback, enhancement requests,
bug details or any questions about installation to dfederighi@yahoo.com
