17 matches found
WordPress Madara Theme < 2.2.2.1 - Local File Inclusion
Madara WordPress theme = 2.2.2 contains a local file inclusion vulnerability caused by improper sanitization of the 'template' parameter, letting unauthenticated attackers execute arbitrary files on the server, exploit requires crafted request. id: CVE-2025-4524 info: name: WordPress Madara Theme...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Gitlab
CVE-2025-4524...
π WordPress Madera 2.2.2 Local File Inclusion
This Python script exploits a local file inclusion vulnerability in the WordPress Madara theme. It interacts with the admin-ajax.php endpoint to load sensitive files from the server, potentially leading to the exposure of system or application data. It affects version 2.2.2...
π WordPress Madera 2.2.2 Local File Inclusion
WordPress Madera plugin versions 2.2.2 and below suffer from a local file inclusion vulnerability. Exploit Title: WordPress Madara Local File Inclusion Date: November 1, 2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: WordPress Theme Madara Software Link: WordPress Theme Madara Teste...
WordPress Madara - Local File Inclusion
Exploit Title: WordPress Madara Local File Inclusion Date: November 1, 2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: WordPress Theme Madara Software Link: WordPress Theme Madara Tested on: OS / PHP / WordPress versions used in testing β e.g., Ubuntu 22.04, PHP 8.1, WP 6.4 CVE:...
EUVD-2025-15990
Malicious code in bioql PyPI...
CVE-2025-7712 Madara - Core <= 2.2.3 - Unauthenticated Arbitrary File Deletion
The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpmangadeletezip function in all versions up to, and including, 2.2.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, whic...
CVE-2025-7712
CVE-2025-7712: Madara - Core (WordPress) versions
WordPress plugin Madara - Core θ·―εΎιεζΌζ΄
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A path traversal...
PT-2025-29899 Β· WordPress Β· Madara - Core
Name of the Vulnerable Software and Affected Versions: Madara - Core plugin for WordPress versions prior to 2.2.3 Description: The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wp manga delete zip function. This allows...
CVE-2025-4524
The Madara β Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
WordPress Madara 2.2.2 Local File Inclusion
WordPress Madara theme versions 2.2.2 and below suffer from a local file inclusion vulnerability...
CVE-2025-4524
The Madara β Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...
WordPress plugin Madara θ·―εΎιεζΌζ΄
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
WordPress Madara theme <= 2.2.2 - Unauthenticated Local File Inclusion vulnerability
Unauthenticated Local File Inclusion vulnerability discovered by Kyle Bouchard ptrstr in WordPress Theme Madara versions = 2.2.2...
WordPress Madara Theme <= 2.2.2 is vulnerable to Local File Inclusion
Software Madara Type Theme Vulnerable versions = 2.2.2 Fixed in 2.2.2.1 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2025-4524 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID a3266cbf8e97 Credits Kyle Bouchard ptrstr Required privilege...
Exploit for CVE-2025-4524
CVE-2025-4524 - Unauthenticated madara-core Wordpress theme LF...