cleantalk
Vulnerabilities and Security Researches

Trinity Audio – Text to Speech AI audio player to convert content into audio, CVE-2025-9886

CVE, Research URL

CVE-2025-9886

Home page URL

Security reports for Trinity Audio – Text to Speech AI audio player to convert content into audio

Application

Trinity Audio – Text to Speech AI audio player to convert content into audio

Published on
Oct 04, 2025
Research Description
The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.20.2. This is due to missing or incorrect nonce validation in the '/admin/inc/post-management.php' file. This makes it possible for unauthenticated attackers to activate/deactivate posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 5.21.0.
Status
vulnerable
Previous vulnerability researches
Trinity Audio – Text to Speech AI audio player to convert content into audio (CVE-2025-9196) , Nov 10, 2025
Trinity Audio – Text to Speech AI audio player to convert content into audio (CVE-2025-49272) , Jun 15, 2025
Trinity Audio – Text to Speech AI audio player to convert content into audio (CVE-2025-9886) , Oct 12, 2025
Trinity Audio – Text to Speech AI audio player to convert content into audio (CVE-2025-9952) , Oct 12, 2025
New vulnerability
WPeMatico RSS Feed Fetcher (CVE-2025-49922) , Nov 11, 2025
Cost Calculator Builder (CVE-2025-9243) , Nov 11, 2025
Off-Canvas Sidebars & Menus (Slidebars) (CVE-2025-62891) , Nov 11, 2025
LLM Hubspot Blog Import (CVE-2025-11257) , Nov 11, 2025
AI ChatBot (CVE-2025-62952) , Nov 11, 2025