Local File Inclusion Vulnerability in Madara WordPress Theme
CVE-2025-4524

9.8 CRITICAL

What is CVE-2025-4524?

The Madara theme for WordPress, designed for manga sites, is vulnerable to Local File Inclusion through the 'template' parameter. Unauthenticated attackers can use this parameter to include and execute arbitrary files on the server, so any PHP code contained in an included file is executed. This can be used to bypass access controls, gain unauthorized access to sensitive data, or achieve code execution, particularly where commonly accepted file types such as images can be uploaded and then included.

Affected Version(s)

Madara – Responsive and modern WordPress theme for manga sites: <= 2.2.2

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kyle Bouchard