WordPress plugin Freeio 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Attackers Actively Exploiting Critical Vulnerability in WP Freeio Plugin

On September 25th, 2025, we received a submission for a Privilege Escalation vulnerability in WP Freeio, a WordPress plugin bundled in the Freeio premium theme with more than 1,700 sales. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative...

EUVD-2025-33819

The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the processregister function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...

CVE-2025-11533

The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the processregister function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...

CVE-2025-11533 WP Freeio <= 1.2.21 - Unauthenticated Privilege Escalation

The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the processregister function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...

CVE-2025-11533

Summary of CVE-2025-11533 (WP Freeio, WordPress): A privilege-escalation flaw in WP Freeio allows an unauthenticated attacker to specify the administrator role during user registration due to insufficient restrictions in the process_register() function. Affected versions are up to and including 1...

VulnCheck KEV: CVE-2025-11533

The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the processregister function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the...

WordPress WP Freeio plugin <= 1.2.21 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability discovered by Foxyyy in WordPress Plugin WP Freeio versions = 1.2.21...