Attackers Actively Exploiting Critical Vulnerability in WP Freeio Plugin

On September 25th, 2025, we received a submission for a Privilege Escalation vulnerability in WP Freeio, a WordPress plugin bundled in the Freeio premium theme with more than 1,700 sales. This vulnerability makes it possible for an unauthenticated attacker to grant themselves administrative privileges by specifying user role during registration. The vendor released the patched version on October 9th, 2025, and we originally disclosed this vulnerability in the Wordfence Intelligence vulnerability database on October 10th, 2025. Our records indicate that attackers started exploiting the issue on the same day, on October 10th, 2025. The Wordfence Firewall has already blocked over

Click here to continue reading this article.

István Márton

Author archive

October 30, 2025

Plugins, Threat Research, Vulnerabilities, Wordfence Intelligence, WordPress Blogs, WordPress Security

Comments are closed.

Up ↑

Your WordPress News Dashboard

Attackers Actively Exploiting Critical Vulnerability in WP Freeio Plugin

István Márton

Latest posts

Text widget

Sponsored by WP Mayor

Latest posts

Built with WP RSS Aggregator