Madara WordPress Theme Local File Inclusion Vulnerability
Vulnerability
A local file inclusion vulnerability has been identified in the Madara WordPress theme for manga sites, affecting all versions through 2.2.2. This vulnerability allows unauthenticated attackers to include and execute arbitrary files on the server by exploiting the 'template' parameter. The issue could be used to bypass access controls, access sensitive data, or execute code in scenarios where images and other 'safe' file types can be uploaded and included.
Impact
Exploitation of this vulnerability could lead to unauthorized file inclusion, allowing attackers to execute arbitrary PHP code on the server. This could be used to bypass access controls, access sensitive information, or achieve remote code execution, particularly in cases where uploaded files can be included and executed as code.
Remediation
Users are advised to update the Madara WordPress theme to version 2.2.2.1 or a newer patched version.
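The following check is an added example, not part of the advisory or of the theme's own code. It reads the `Version:` header from the installed theme's `style.css` and compares it with 2.2.2.1, the patched release named above. The sample header and the path passed on the command line are constructed assumptions.

```python
import re
import sys

FIXED = (2, 2, 2, 1)  # first patched release named in the advisory

# Constructed sample of a theme style.css header (not copied from the real theme).
SAMPLE_STYLE_CSS = """/*
Theme Name: Madara
Version: 2.2.2
*/
"""

def parse_theme_version(css_text):
    """Return the Version: header value from a WordPress style.css, or None."""
    # WordPress only reads file headers from the first 8 KB of the file.
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", css_text[:8192], re.I | re.M)
    return m.group(1) if m else None

def version_tuple(version):
    """Turn '2.2.2.1' into (2, 2, 2, 1); None if it is not purely dotted digits."""
    if not re.fullmatch(r"[0-9]+(\.[0-9]+)*", version):
        return None
    return tuple(int(p) for p in version.split("."))

def status(version):
    """Classify a version string as 'vulnerable', 'patched' or 'unknown'."""
    parsed = version_tuple(version.strip()) if version else None
    if parsed is None:
        return "unknown"  # missing or non-numeric version: review by hand
    width = max(len(parsed), len(FIXED))
    pad = lambda v: v + (0,) * (width - len(v))  # so 2.2.2 compares as 2.2.2.0
    return "vulnerable" if pad(parsed) < pad(FIXED) else "patched"

if __name__ == "__main__":
    # Usage: python check_madara.py /path/to/wp-content/themes/<theme-dir>/style.css
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_STYLE_CSS
    found = parse_theme_version(text)
    print(f"version={found!r} status={status(found)}")
```

A result of `unknown` means the header was missing or carried a non-numeric suffix, so the installed version should be confirmed manually.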
