CVE-2025-9196
Trinity Audio <= 5.21.0 - Unauthenticated Information Exposure
mediumExposure of Sensitive Information to an Unauthorized Actor
5.3
CVSS Score
5.3
CVSS Score
medium
Severity
5.22.0
Patched in
1d
Time to patch
Description
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the ~/admin/inc/phpinfo.php file that gets created on install. This makes it possible for unauthenticated attackers to extract sensitive data including configuration data.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NAttack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Low
Confidentiality
None
Integrity
None
Availability
Technical Details
Affected versions
<=5.21.0PublishedOctober 10, 2025
Last updatedOctober 11, 2025
Affected plugintrinity-audio
Check if your site is affected.
Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.