Theme-Spirit Spirit Framework vulnerabilities
2 known vulnerabilities affecting theme-spirit/spirit_framework.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2025-6388P1CRITICALCVSS 9.8Exploited≤ 1.2.142025-10-03
CVE-2025-6388 [CRITICAL] CWE-288 CVE-2025-6388: The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up
The Spirit Framework plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.2.14. This is due to the custom_actions() function not properly validating a user's identity prior to authenticating them to the site. This makes it possible for unauthenticated attackers to log in as any user, including administra
nvd
CVE-2025-10269P3HIGHCVSS 7.5≤ 1.2.132025-09-12
CVE-2025-10269 [HIGH] CWE-98 CVE-2025-10269: The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up t
The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to by
nvd