CVE-2025-48157 PoC — WordPress Formality <= 1.5.9 - Local File Inclusion Vulnerability

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-48157.yaml

Associated Vulnerability

Title:WordPress Formality <= 1.5.9 - Local File Inclusion Vulnerability (CVE-2025-48157)
Description:Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This issue affects Formality: from n/a through <= 1.5.9.

Description

Michele Giorgi Formality <= 1.5.9 contains a file inclusion vulnerability caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires crafted input.

File Snapshot


 id: CVE-2025-48157

info:
  name: WordPress Formality Plugin <= 1.5.9 - Local File Inclusion
  autho

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!