Local File Inclusion Vulnerability in Spirit Framework Plugin for WordPress
CVE-2025-10269

7.5HIGH

Key Information:

Vendor: WordPress
Status: Spirit Framework
Vendor: CVE Published:; 12 September 2025

What is CVE-2025-10269?

The Spirit Framework plugin for WordPress is susceptible to a serious Local File Inclusion vulnerability in all versions up to 1.2.13. Authenticated users with Subscriber-level access or higher are able to exploit this vulnerability, allowing them to include and execute arbitrary .php files stored on the server. This exploitation can lead to access control bypass, enabling attackers to retrieve sensitive information or execute malicious PHP code through files that they can upload. It is crucial for users and website administrators to take preventive measures to secure their installations against potential threats associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Spirit Framework * <= 1.2.13

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://patchstack.com/database/wordpress/plugin/spirit-f...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2025
Vulnerability Reserved
Sep 11, 2025

Credit

Bonds

JSON

WordPress

What is CVE-2025-10269?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.