CVE-2025-9196 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) affecting the Trinity Audio – Text to Speech AI audio player plugin for WordPress. The vulnerability exists in all versions up to and including 5.21.0 due to the presence of a phpinfo.php file located at ~/admin/inc/phpinfo.php, which is created during the plugin installation process. This file exposes detailed PHP configuration and environment information, including server variables, paths, loaded modules, and potentially sensitive configuration parameters. Because this file is accessible without authentication or user interaction, any remote attacker can retrieve this information simply by accessing the URL path. The exposure of such data can facilitate further attacks by revealing server details, software versions, and configuration settings that could be leveraged to identify additional vulnerabilities or misconfigurations. The CVSS v3.1 base score is 5.3, indicating a medium severity level, with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, meaning it is remotely exploitable with low attack complexity, no privileges or user interaction required, and impacts confidentiality only. No patches or fixes are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability primarily threatens the confidentiality of sensitive information, which could include database credentials, API keys, or other environment-specific data embedded in the PHP info output. Organizations using this plugin should assess their exposure and apply mitigations promptly to prevent unauthorized data disclosure.

The primary impact of CVE-2025-9196 is the unauthorized disclosure of sensitive configuration information from WordPress sites using the Trinity Audio plugin. This information leakage can aid attackers in mapping the target environment, identifying software versions, server configurations, and potentially sensitive credentials or tokens if present in the PHP environment. Such reconnaissance can increase the likelihood of successful follow-on attacks, including privilege escalation, code injection, or lateral movement within the network. Although the vulnerability does not directly affect data integrity or system availability, the confidentiality breach can undermine organizational security postures and lead to data breaches or compliance violations. Organizations relying on this plugin for content audio conversion may face increased risk of targeted attacks, especially if the exposed information reveals critical infrastructure details. The lack of authentication and user interaction requirements makes exploitation straightforward for remote attackers, increasing the threat surface. The absence of known exploits currently reduces immediate risk, but the vulnerability remains a significant concern until remediated.

To mitigate CVE-2025-9196, organizations should take the following specific actions: 1) Immediately verify if the vulnerable phpinfo.php file exists on their WordPress installations using the Trinity Audio plugin by checking the ~/admin/inc/ directory. 2) If present, restrict access to this file by removing it or configuring web server rules (e.g., .htaccess for Apache, location blocks for Nginx) to deny all external HTTP requests to this path. 3) Monitor plugin updates from the vendor and apply patches as soon as they become available to eliminate the creation of this file during installation. 4) Conduct a thorough review of exposed configuration data to identify any sensitive credentials or tokens that may have been leaked and rotate them if necessary. 5) Implement web application firewalls (WAFs) with rules to block access to sensitive internal files and detect suspicious requests targeting plugin directories. 6) Regularly audit WordPress plugins for similar exposure issues and maintain a strict plugin management policy to minimize attack surface. 7) Educate site administrators about the risks of leaving debug or info files accessible in production environments. These targeted steps go beyond generic advice by focusing on detection, access restriction, credential management, and proactive monitoring specific to this vulnerability.