cbcvebase.
CVE-2025-4524
published 2025-05-21

CVE-2025-4524: The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and…

Priority: P277
Severity: critical, CVSS 3.1 base score 9.8
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 9.09% (94.7th percentile)
The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.

Affected

1 range

Vendor     Product                                                       Version range   Fixed in
wpstylish  madara_responsive_and_modern_wordpress_theme_for_manga_sites  <= 2.2.2        (not listed)

Detection & IOCs (extracted from sources)

url:     /wp-admin/admin-ajax.php
command: action=madara_load_more&page=1&template=plugins/../../../../../../../etc/passwd
path:    /wp-content/plugins/madara/
path:    /wp-content/themes/madara/
  • Detect unauthenticated POST requests to /wp-admin/admin-ajax.php with action=madara_load_more and a 'template' parameter containing path traversal sequences (e.g., '../' or 'plugins/../').
  • Flag requests containing the X-Requested-With: XMLHttpRequest header combined with the madara_load_more action and traversal strings in the template parameter.
  • Use FOFA/Shodan fingerprint body='/wp-content/themes/madara/' to identify potentially vulnerable WordPress instances for proactive scanning.
  • Inspect HTTP response bodies for 'root:.*:0:0:' pattern, indicating successful /etc/passwd inclusion via the LFI vulnerability.
  • The vulnerability is exploitable by unauthenticated attackers; no session cookie or authentication token is required in the POST request.
  • All versions up to and including 2.2.2 of the Madara theme are vulnerable; the fix is present in version 2.2.2.1 and later.
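The detection items above can be turned into a small triage routine that a WAF log pipeline or reverse-proxy hook could run. The code below is an added example, not code from cbcvebase or the theme vendor; it assumes request records are available as dicts with the fields `method`, `path`, `headers`, `body` and `response_body` (those names are assumptions), and the sample records are constructed, not real traffic. It goes slightly beyond the bullets in that it percent-decodes the `template` value repeatedly before looking for traversal, so encoded variants of the same request are matched, and it pairs the request match with the `root:.*:0:0:` response check to separate attempts from confirmed file disclosure.

```python
"""Triage helper for CVE-2025-4524 (Madara theme LFI via the 'template' parameter).

Added example, not code from cbcvebase or the theme vendor. Record field names
(method, path, headers, body, response_body) are assumed; sample data is constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
TARGET_ACTION = "madara_load_more"
# Traversal indicators, checked after full URL-decoding so that encoded
# forms (%2e%2e%2f, ..%5c) are caught as well as the plain '../'.
TRAVERSAL_RE = re.compile(r"\.\.[\\/]|[\\/]\.\.")
# Evidence that /etc/passwd contents came back (pattern from the IoC list above).
PASSWD_RE = re.compile(r"root:[^:\n]*:0:0:")


def _decode_all(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def _params(record: dict) -> dict:
    """Merge query-string and form-body parameters; first occurrence wins."""
    merged = {}
    query = urlsplit(record.get("path", "")).query
    for source in (query, record.get("body", "")):
        for key, values in parse_qs(source, keep_blank_values=True).items():
            merged.setdefault(key, values[0])
    return merged


def is_lfi_attempt(record: dict) -> bool:
    """True when the request matches the CVE-2025-4524 exploitation pattern."""
    path = urlsplit(record.get("path", "")).path
    if not path.endswith(AJAX_PATH):
        return False
    params = _params(record)
    if params.get("action") != TARGET_ACTION:
        return False
    template = _decode_all(params.get("template", ""))
    return bool(TRAVERSAL_RE.search(template))


def passwd_leaked(response_body: str) -> bool:
    """True when a response body looks like an included /etc/passwd."""
    return bool(PASSWD_RE.search(response_body))


def triage(record: dict) -> str:
    """Classify a record as 'benign', 'attempt', or 'confirmed' (passwd echoed back)."""
    if not is_lfi_attempt(record):
        return "benign"
    if passwd_leaked(record.get("response_body", "")):
        return "confirmed"
    return "attempt"


# Constructed sample records (not real traffic).
SAMPLE_RECORDS = [
    {   # ordinary "load more" call from the theme's own front end
        "method": "POST", "path": AJAX_PATH,
        "headers": {"X-Requested-With": "XMLHttpRequest"},
        "body": "action=madara_load_more&page=1&template=madara-core/content/content-archive",
        "response_body": '<div class="page-item-detail">...</div>',
    },
    {   # the traversal request from the IoC list; server returned nothing useful
        "method": "POST", "path": AJAX_PATH,
        "headers": {"X-Requested-With": "XMLHttpRequest"},
        "body": "action=madara_load_more&page=1&template=plugins/../../../../../../../etc/passwd",
        "response_body": "",
    },
    {   # double-encoded traversal in the query string, passwd contents echoed back
        "method": "POST",
        "path": AJAX_PATH + "?action=madara_load_more&template=%252e%252e%252f%252e%252e%252fetc%252fpasswd",
        "headers": {},
        "body": "page=1",
        "response_body": "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n",
    },
    {   # unrelated admin-ajax action carrying a dot-dot is not flagged
        "method": "POST", "path": AJAX_PATH,
        "headers": {},
        "body": "action=heartbeat&data=../x",
        "response_body": "{}",
    },
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(triage(rec), rec["path"], rec["body"])
```

Matching on the `action` value as well as the traversal string keeps the rule from firing on every `../` seen by admin-ajax.php, and the `confirmed` class is what should page an on-call responder, since it means the file inclusion actually returned server contents.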