Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Spirit Framework WordPress Plugin Authentication Bypass Vulnerability Allowing Account Takeover

Vulnerability

A vulnerability allowing authentication bypass has been identified in the Spirit Framework plugin for WordPress, affecting all versions through 1.2.14. The issue arises because the custom_actions() function fails to properly validate user identities before authentication. This flaw enables unauthenticated attackers to log in as any user, including administrators, provided they know the administrator's username.
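
The flaw class described above, as an added illustration that is not the Spirit Framework plugin's code: a WordPress AJAX handler that sets an authentication cookie for whatever username it is handed (identifying the user without authenticating them), beside a hardened version of the same handler that proves identity with wp_signon() and a nonce check before any cookie is issued. The hook names, function names and the 'demo_login' nonce action are assumed for the example.

```php
<?php
/**
 * Illustrative pattern only. This is NOT the Spirit Framework plugin's code;
 * it shows the general shape of a "log in via custom action" handler that
 * trusts a caller-supplied username, and a hardened version of that handler.
 * All names here (spirit_demo_*, 'demo_login') are assumed for the example.
 */

// --- Flawed pattern (the bug class the advisory describes) -----------------
// Reachable by unauthenticated visitors (wp_ajax_nopriv_*) and it sets the
// auth cookie for any existing username without checking a password, nonce
// or capability. Knowing a username is enough to obtain that user's session.
add_action( 'wp_ajax_nopriv_demo_login', 'spirit_demo_login_flawed' );
function spirit_demo_login_flawed() {
    $login = isset( $_POST['user'] ) ? sanitize_user( wp_unslash( $_POST['user'] ) ) : '';
    $user  = get_user_by( 'login', $login );
    if ( ! $user ) {
        wp_send_json_error( 'no such user', 404 );
    }
    // Identity was asserted, never proven.
    wp_set_current_user( $user->ID );
    wp_set_auth_cookie( $user->ID );
    wp_send_json_success( array( 'logged_in_as' => $user->user_login ) );
}

// --- Hardened pattern ------------------------------------------------------
// 1. A nonce bound to this action blocks forged cross-site requests.
// 2. wp_signon() runs WordPress's own authentication (password check, the
//    'authenticate' filter chain, login-failure hooks) and only sets the
//    auth cookie when it succeeds.
// 3. The username alone never decides who the session belongs to.
add_action( 'wp_ajax_nopriv_demo_login', 'spirit_demo_login_hardened' );
function spirit_demo_login_hardened() {
    check_ajax_referer( 'demo_login', 'nonce' ); // dies on a missing/invalid nonce

    $credentials = array(
        'user_login'    => isset( $_POST['user'] ) ? sanitize_user( wp_unslash( $_POST['user'] ) ) : '',
        'user_password' => isset( $_POST['pass'] ) ? (string) wp_unslash( $_POST['pass'] ) : '',
        'remember'      => false,
    );

    // Returns WP_User on success (and sets the auth cookie), WP_Error otherwise.
    $user = wp_signon( $credentials, is_ssl() );
    if ( is_wp_error( $user ) ) {
        // Same response for unknown user and wrong password: no username oracle.
        wp_send_json_error( 'authentication failed', 401 );
    }

    wp_set_current_user( $user->ID );
    wp_send_json_success( array( 'logged_in_as' => $user->user_login ) );
}
```

The review question to ask of any handler that ends in wp_set_auth_cookie() is "what on this request proved the caller is that user?". If the answer is only a username, an email address or a user ID taken from the request, the handler is an authentication bypass regardless of how it is reached; the fix is to route the request through wp_signon() or wp_authenticate() (or to require an already-authenticated caller with the right capability) rather than to hide the endpoint.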

Impact

Exploitation of this vulnerability allows for unauthorized login as any user, including administrators, leading to potential account takeover and privilege escalation.

Remediation

Users are advised to update the Spirit Framework plugin to version 1.2.15 or a newer patched version.

Added: Oct 3, 2025, 9:19 AM
Updated: Oct 3, 2025, 9:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 9.1
remediation: 7.7
relevance: 0.6
threat: 8.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.