CVE-2025-11533 · CRITICAL 9.8 · EPSS p42.4%

Description

The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register() function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.56% probability of exploitation · percentile 42.4% · 2026-06-18T12:00:27Z
Published: 2025-10-11
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-269

References

  1. https://themeforest.net/item/freeio-freelance-marketplace-wordpress-theme/42045416
  2. https://www.wordfence.com/threat-intel/vulnerabilities/id/0db85f84-04e9-42eb-a16b-96554fbfd186?source=cve

Type: Weakness · Target: Improper Privilege Management (cwe-269) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-13540
  2. CVE-2025-13764
  3. CVE-2025-4334
  4. CVE-2025-14533
  5. CVE-2025-2237
  6. CVE-2025-2563

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.