CVE-2025-6388 | Spirit Framework Plugin up to 1.2.14 on WordPress custom_actions improper authentication

October 3, 2025 Yanac

A vulnerability was found in Spirit Framework Plugin up to 1.2.14 on WordPress and classified as critical. This affects the function custom_actions. Such manipulation leads to improper authentication.

This vulnerability is traded as CVE-2025-6388. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More

CVE-2025-9209 | RestroPress Plugin up to 3.1.9.2 on WordPress REST API Endpoint /wp-json/wp/v2/users information disclosure
CVE-2025-9286 | Appy Pie Connect for WooCommerce Plugin up to 1.1.2 on WordPress REST reset_user_password authorization