CVE-2025-48157 PoC — WordPress Formality <= 1.5.9 - Local File Inclusion Vulnerability

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-48157.yaml

Associated Vulnerability

Title:WordPress Formality <= 1.5.9 - Local File Inclusion Vulnerability (CVE-2025-48157)
Description:Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion.This issue affects Formality: from n/a through <= 1.5.9.

Description

Michele Giorgi Formality <= 1.5.9 contains a file inclusion vulnerability caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires crafted input.

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →