CVE-2025-9886

Name of the Vulnerable Software and Affected Versions Trinity Audio – Text to Speech AI audio player plugin for WordPress versions prior to 5.20.2

Description The software is susceptible to Cross-Site Request Forgery. This is because of a lack of, or incorrect, nonce validation in the '/admin/inc/post-management.php' file. This allows unauthenticated attackers to activate or deactivate posts by forging requests, provided they can trick a site administrator into performing an action, such as clicking a link.

Recommendations Update to a version newer than 5.20.2.