21 matches found
CVE-2026-39679
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
EUVD-2026-20362
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
CVE-2026-39679
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
CVE-2026-39679
CVE-2026-39679 is a local file inclusion (LFI) in the WordPress Freeio/ApusTheme Freeio plugin/theme. Affected: Freeio versions up to and including 1.3.21 (and related Freeio/Freeio themes referenced in Red Hat/EUVD records and CVE listings). Root cause: improper control of filenames for include/...
CVE-2026-39679 WordPress Freeio theme <= 1.3.21 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
CVE-2026-39679
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
CVE-2026-39679 WordPress Freeio theme <= 1.3.21 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
WordPress plugin Freeio 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-31241
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusTheme Freeio freeio allows PHP Local File Inclusion.This issue affects Freeio: from n/a through = 1.3.21...
CVE-2025-11533
creationtimestamp| type| source ---|---|--- 2025-10-29 21:41:13+00:00| exploited| https://www.wordfence.com/blog/2025/10/attackers-actively-exploiting-critical-vulnerability-in-wp-freeio-plugin/ 2025-10-30 02:17:06+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m4evgaz2pz2s...
Attackers Actively Exploiting Critical Vulnerability in WP Freeio Plugin
On September 25th, 2025, we received a submission for a Privilege Escalation vulnerability in WP Freeio, a WordPress plugin bundled in the Freeio premium theme with more than 1,700 sales. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative...
CVE-2025-11533
The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the processregister function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...
EUVD-2025-33819
The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the processregister function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...
CVE-2025-11533
The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the processregister function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...
CVE-2025-11533
Summary of CVE-2025-11533 (WP Freeio, WordPress): A privilege-escalation flaw in WP Freeio allows an unauthenticated attacker to specify the administrator role during user registration due to insufficient restrictions in the process_register() function. Affected versions are up to and including 1...
CVE-2025-11533 WP Freeio <= 1.2.21 - Unauthenticated Privilege Escalation
The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the processregister function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...
CVE-2025-11533 WP Freeio <= 1.2.21 - Unauthenticated Privilege Escalation
The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the processregister function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...
VulnCheck KEV: CVE-2025-11533
The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the processregister function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...
PT-2025-41644
Name of the Vulnerable Software and Affected Versions WP Freeio versions prior to 1.4.29 WP Freeio versions 1.2.21 and earlier Description The WP Freeio plugin for WordPress is affected by a privilege escalation issue. The process register function does not adequately restrict user role assignmen...
WordPress plugin WP Freeio 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...