CVE-2025-4524

🗓️ 21 May 2025 06:39:46Reported by WordfenceType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 68 Views🌐 WEB

WordPress theme Madara vulnerable to unauthenticated Local File Inclusion in versions up to 2.2.2.

Reporter	Title	Published	Views	Family All 18
GithubExploit	Exploit for CVE-2025-4524	5 May 202503:28	–	githubexploit
Circl	CVE-2025-4524	20 May 202523:11	–	circl
CNNVD	WordPress plugin Madara 路径遍历漏洞	21 May 202500:00	–	cnnvd
Cvelist	CVE-2025-4524 Madara – Responsive and modern WordPress theme for manga sites <= 2.2.2 - Unauthenticated Local File Inclusion	21 May 202506:39	–	cvelist
Exploit DB	WordPress Madara - Local File Inclusion	6 Apr 202600:00	–	exploitdb
EUVD	EUVD-2025-15990	3 Oct 202520:07	–	euvd
EUVD	EUVD-2025-15991	3 Oct 202520:07	–	euvd
Nuclei	WordPress Madara Theme < 2.2.2.1 - Local File Inclusion	3 Jun 202606:04	–	nuclei
NVD	CVE-2025-4524	21 May 202507:16	–	nvd
Packet Storm	📄 WordPress Madera 2.2.2 Local File Inclusion	6 Apr 202600:00	–	packetstorm

Vulners

Node

wpstylish madara_responsive_and_modern_wordpress_theme_for_manga_sitesRange≤2.2.2wordpress

[
  {
    "vendor": "WPStylish",
    "product": "Madara – Responsive and modern WordPress theme for manga sites",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "2.2.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/a3ee01da-218a-421d-8f9c-1dc6c056ef74
mangabooth	www.mangabooth.com/product/wp-manga-theme-madara/
exploit-db	www.exploit-db.com/exploits/52487

Parameter	Position	Path	Description	CWE
template	request body	/wp-admin/admin-ajax.php	Local File Inclusion via template parameter in Madara WordPress theme exploited through admin-ajax.php	CWE-22

29 Apr 2026 20:16Current

9.9High risk

Vulners AI Score9.9

CVSS 3.19.8

EPSS0.15429

SSVC

CWE-22