CVE-2025-11533
Published 2025-10-11
Priority P190 · critical · 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW: VulnCheck KEV
Exploited in the wild
EPSS: 0.56% (42.6th percentile)
The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register() function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apustheme | wp_freeio | <= 1.2.21 | — |
Detection & IOCs (extracted from sources)
- The vulnerable function is process_register() in the WP Freeio plugin; monitor for unauthenticated POST requests to WordPress registration endpoints that include an 'administrator' role parameter, which should never be user-supplied.
- Wordfence detected active in-the-wild exploitation of CVE-2025-11533 against the WP Freeio premium WordPress theme; review WAF/IDS logs for blocked exploit attempts targeting registration flows on sites running this theme.
- All versions of WP Freeio up to and including 1.2.21 are vulnerable; exploitation requires no authentication and no special preconditions, so any unauthenticated user can register with the 'administrator' role.
CVSS provenance
- NVD (v3.1): 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- VulnCheck: 9.8 CRITICAL
GHSA
GHSA-9x94-9742-rrg5 (ghsa_unreviewed · 2025-10-11): CVE-2025-11533 [CRITICAL] CWE-269
VulnCheck
CVE-2025-11533 [CRITICAL] Improper Privilege Management (vulncheck · 2025 · CVSS 9.8)
Affected: ApusTheme WP Freeio plugin for WordPress
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-freeio/wp-freeio-1221-unauthenticated-privilege-escalation; https://www.wordfence.c
No detection rules found.
No public exploits indexed.
Bleepingcomputer
blogs_bleepingcomputer · 2025-11-04 · CVSS 9.8
## [CRITICAL] Hackers exploit critical auth bypass flaw in JobMonster WordPress theme
By Bill Toulas
Threat actors are targeting a critical vulnerability in the JobMonster WordPress theme that allows hijacking of administrator accounts under certain conditions.
The malicious activity was detected by Wordfence, a WordPress security firm, after blocking multiple exploit attempts against its clients over the past 24 hours.
JobMonster, created by NooThemes, is a premium WordPress theme used by job listing sites, recruitment/hiring portals, candidate search tools, etc. The theme has over 5,500 sales on Envato.
The exploited vulnerability is identified as CVE-2025-5397 and has a critical-severity score of 9.8. It is an authentication bypass problem that impacts all versions of the theme up to 4.8.1.
Bugzilla
bugzilla · 2025-07-10 · CVSS 8.5
CVE-2025-46835 [HIGH] git: Git GUI can create and overwrite files for which the user has write permission
Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a file located in a maliciously named directory in the repository, then Git GUI can create and overwrite files for which the user has write permission. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1.
Discussion: this issue has been addressed in the following products:
- Red Hat Enterprise Linux 9, via RHSA-2025:11462 https://access.redhat.com/errata/RHSA-2025:11462
- Red Hat Enterprise Linux 10, via RHSA-2025:11533 https://access.redh
Bugzilla
bugzilla · 2025-07-09 · CVSS 3.6
CVE-2025-27613 [LOW] gitk: Git file creation flaw
When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of the option being enabled or not.
Discussion: this issue has been addressed in the following products:
- Red Hat Enterprise Linux 9, via RHSA-2025:11462 https://access.redhat.com/errata/RHSA-2025:11462
- Red Hat Enterprise Linux 10, via RHSA-2025:11533 https://access.redhat.com/errata/RHSA-2025:11533
- Red Hat Enterprise Linux 8, via RHSA-2025:115
Bugzilla
bugzilla · 2025-07-09 · CVSS 8.6
CVE-2025-27614 [HIGH] gitk: git script execution flaw
A Git repository can be crafted in such a way that a user who has cloned the repository can be tricked into running any script supplied by the attacker by invoking `gitk filename`, where `filename` has a particular structure.
Discussion: this issue has been addressed in the following products:
- Red Hat Enterprise Linux 9, via RHSA-2025:11462 https://access.redhat.com/errata/RHSA-2025:11462
- Red Hat Enterprise Linux 10, via RHSA-2025:11533 https://access.redhat.com/errata/RHSA-2025:11533
- Red Hat Enterprise Linux 8, via RHSA-2025:11534 https://access.redhat.com/errata/RHSA-2025:11534
- This issue has been addresse