CVE-2025-4524 – Madara WordPress Theme Local File Inclusion Vulnerability

May 21, 2025

CVE ID : CVE-2025-4524

Published : May 21, 2025, 7:16 a.m. | 7 hours, 26 minutes ago

Description : The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the ‘template’ parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-41232 – Spring Security Aspects Private Method Authorization Bypass

Next Article CVE-2025-48207 – TYPO3 Reint Download Manager Insecure Direct Object Reference (IDOR)

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

My favorite gaming service is 40% off right now (and no, it’s not Xbox Game Pass)

A timeline of JavaScript’s history

A timeline of JavaScript’s history

Loading JSON Data into Snowflake From Local Directory

Streamline Conditional Logic with Laravel’s Fluent Conditionable Trait

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

CVE-2025-4524 – Madara WordPress Theme Local File Inclusion Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-47535 – Opal Woo Custom Product Variation Path Traversal

I test robot vacuums for a living – the Narwal Freo X Plus is the best you can get for $400

Affordable cybersecurity for SMBs in the midwest

CVE-2025-46417 – Apache Picklescan SSL Exfiltration Vulnerability

CVE-2025-48741 – StrangeBee TheHive Broken Access Control Vulnerability

Every PC and Xbox game shown during Sony’s PlayStation State of Play February 2025

How to send nested JSON in cucumber as request

The End of Nvidia’s Dominance? Huawei’s New AI Chip Could Be a Game-Changer

Agnostiq & MongoDB: High-Performance Computing for All

CVE-2025-4524 – Madara WordPress Theme Local File Inclusion Vulnerability

Related Posts