cleantalk
Vulnerabilities and Security Researches

Formality, CVE-2025-24690

CVE, Research URL

CVE-2025-24690

Home page URL

Security reports for Formality

Application

Formality

Published on
Mar 26, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality allows PHP Local File Inclusion. This issue affects Formality: from n/a through 1.5.7.
Affected versions
Min -, max 1.5.8.
Status
vulnerable
Previous vulnerability researches
Formality (CVE-2025-24690) , Mar 22, 2025
Formality (CVE-2025-3858) , May 20, 2025
New vulnerability
Printcart Web to Print Product Designer for WooCommerce (CVE-2025-47641) , May 20, 2025
Formality (CVE-2025-3858) , May 20, 2025
PowerPress Podcasting plugin by Blubrry (CVE-2024-9227) , May 19, 2025
Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC (CVE-2024-9450) , May 19, 2025
PWA for WP & AMP (CVE-2024-7759) , May 19, 2025