CVE-2025-9196

MEDIUM NUCLEI

Trinity Audio - Text to Speech AI <5.21.0 - Info Disclosure

Title source: llm

Description

The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the ~/admin/inc/phpinfo.php file that gets created on install. This makes it possible for unauthenticated attackers to extract sensitive data including configuration data.

Exploits (2)

github WORKING POC 4 stars

by halilkirazkaya · poc

https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2025/CVE-2025-9196.md

View Code ZIP pw:eip

nomisec WRITEUP

by MooseLoveti · poc

https://github.com/MooseLoveti/Trinity-Audio-CVE-Report

View Code ZIP pw:eip

Nuclei Templates (1)

Trinity Audio <= 5.21.0 - Information Exposure

MEDIUMVERIFIEDby Kazgangap

FOFA: body="/wp-content/plugins/trinity-audio"

References (2)

[Product] https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3373045%40trinity-audio&new=3373045%40trinity-audio&sfp_email=&sfph_mail=

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/64889659-24d6-40d9-97ba-b448f5205a96?source=cve

Scores

CVSS v3 5.3

EPSS 0.0047

EPSS Percentile 64.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

sergiotrinity/Trinity Audio – Text to Speech AI audio player to convert content into audio < 5.21.0

Published Oct 11, 2025

Tracked Since Feb 18, 2026