CVE-2025-9196

The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...

CVE-2025-9196

Summary of CVE-2025-9196 (Trinity Audio WordPress plugin) : The Trinity Audio Text to Speech AI plugin (WordPress) versions up to 5.21.0 allows unauthenticated information exposure via the file path ~/admin/inc/phpinfo.php created on install. The vulnerability enables retrieval of sensitive data,...

CVE-2025-9196 Trinity Audio <= 5.21.0 - Unauthenticated Information Exposure

The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.21.0 via the /admin/inc/phpinfo.php file that gets created on install. This makes it possible for...

PT-2025-41645

Name of the Vulnerable Software and Affected Versions Trinity Audio – Text to Speech AI plugin for WordPress versions prior to 5.21.1 Description The software is susceptible to exposure of sensitive information. An unauthenticated attacker can extract configuration data through the...

WordPress plugin Trinity Audio 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information...

CVE-2025-2883

The Accept SagePay Payments Using Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive...

WordPress plugin DAP to Autoresponders Email Syncing 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...

MTN Group: Unauthenticated phpinfo()files could lead to ability file read at █████████

The remote web server contained a PHP script that exposed sensitive information about the server's configuration through the phpinfo function. This information could have been used by an attacker to conduct further attacks against the system...

PT-2024-38270 · Unknown · Youdiancms

Name of the Vulnerable Software and Affected Versions: YouDianCMS version 7 Description: A problematic issue has been found in the processing of the file "/t.php?action=phpinfo", leading to information disclosure. The attack can be initiated remotely. The vendor was contacted about this disclosur...

Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF

The plugin does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack To delete /phpinfo.php:...

All Vulnerabilities for adnansiddiqi.me Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

The Offensive Web Application Penetration Testing Framework: TIDoS

TIDoS Framework is a comprehensive web-app audit framework. TIDoS is made to be comprehensive and versatile. It is a highly flexible framework where you just have to select and use modules. But before that, you need to set your own API KEYS for various OSINT purposes. To do so, open up APIKEYS.py...

CVE-2009-2160

TorrentTrader Classic 1.09 allows remote attackers to 1 obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function; and allows remote attackers to 2 obtain other potentially sensitive information via a direct request to check.php...

SQL-Injection in evoArticles

Advisory: SQL-Injection in evoArticles Home Page: http://evo-dev.com/ Уязвимость/Vulnerability: SQL-injection Уязвимый скрипт/Vulnerable script: index.php http://www.target.com/index.php?do=cat&total=19&cid=37&sort=date&order=desc'&page=2...

Web Server info.php / phpinfo.php Detection

Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo' for debugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remote attacker can discover a large amount of information about the remote web...

Information Disclosure with Invision Board installation &#40;fwd&#41;

Message Index Thread Index Reply prev Msg by Date next Msg by Date To: BugTraq Subject: Information Disclosure with Invision Board installation fwd Date: Sep 24 2002 10:11PM Author: Gossi The Dog [email protected] Message-ID: [email protected] Since the vendor...