CVE-2025-10269

Name of the Vulnerable Software and Affected Versions: Spirit Framework plugin for WordPress versions through 1.2.13

Description: The Spirit Framework plugin for WordPress is susceptible to Local File Inclusion. Authenticated attackers with Subscriber-level access or higher can include and execute arbitrary .php files on the server. This allows for the execution of PHP code within those files, potentially bypassing access controls and obtaining sensitive data. In scenarios where .php file uploads are permitted, this can lead to code execution.

Recommendations: Update Spirit Framework plugin to a version later than 1.2.13.