cleantalk
Vulnerabilities and Security Researches

Trinity Audio – Text to Speech AI audio player to convert content into audio, CVE-2025-9196

CVE, Research URL

CVE-2025-9196

Home page URL

Security reports for Trinity Audio – Text to Speech AI audio player to convert content into audio

Application

Trinity Audio – Text to Speech AI audio player to convert content into audio

Published on
Oct 11, 2025
Research Description
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the ~/admin/inc/phpinfo.php file that gets created on install. This makes it possible for unauthenticated attackers to extract sensitive data including configuration data.
Affected versions
max 5.22.0.
Status
vulnerable
Previous vulnerability researches
Theme Editor (CVE-2022-2440) , Aug 29, 2024
Theme Editor (CVE-2025-9890) , Nov 10, 2025
Theme Editor (CVE-2023-6091) , Jun 07, 2024
Theme Editor (CVE-2021-24154) , Jun 07, 2024
New vulnerability
Custom 404 Pro (CVE-2025-9947) , Nov 10, 2025
WP Photo Album Plus (CVE-2025-8726) , Nov 10, 2025
Events Maker by dFactory (CVE-2025-62941) , Nov 10, 2025
Likert Survey Master (CVE-2025-53426) , Nov 10, 2025
Uji Countdown (CVE-2025-52749) , Nov 10, 2025