Primary

Context

Spirit Framework WordPress Plugin Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in the Spirit Framework plugin for WordPress, affecting all versions through 1.2.13. This vulnerability allows authenticated attackers with Subscriber-level access and above to include and execute arbitrary PHP files on the server. Exploitation of this vulnerability could lead to bypassing access controls, accessing sensitive data, or executing code in cases where PHP files can be uploaded and included.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive data, execution of malicious PHP code on the server, and potentially a complete takeover of the database, depending on the site's configuration.

Remediation

There is no official fix available for this vulnerability. Users are advised to uninstall the affected plugin and seek a replacement.

Added: Sep 12, 2025, 3:21 AM

Updated: Sep 12, 2025, 3:21 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.6

exploitability

3.3

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.6

exploitability

3.3

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Spirit Framework WordPress Plugin Local File Inclusion Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating