PT-2025-41644 · WordPress · Wp Freeio
Foxyyy +1 · Published 2025-10-11 · Updated 2025-10-31 · CVE-2025-11533
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WP Freeio versions prior to 1.4.29
WP Freeio versions 1.2.21 and earlier
Description
The WP Freeio plugin for WordPress is affected by a privilege escalation issue. The process_register() function does not adequately restrict user role assignments during registration, so the administrator role can be supplied as part of the registration itself. This allows unauthenticated attackers to register with the administrator role, gaining administrative access to the WordPress site.
Recommendations
WP Freeio versions prior to 1.4.29: Update to version 1.4.29 or later.
WP Freeio version 1.2.21 and earlier: Update to version 1.4.29 or later.
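The missing restriction described above comes down to resolving the role on the server rather than trusting the registration request. The following is an added example, not WP Freeio's code or its actual patch: the function names, role slugs and request keys are hypothetical, and only the WordPress core functions (wp_insert_user(), get_role(), sanitize_key() and similar) are real.

```php
<?php
// Added example: hypothetical registration handler, not WP Freeio's code.
// The role slugs and request keys below are assumptions for illustration.

const EXAMPLE_SELF_SERVICE_ROLES = array( 'example_freelancer', 'example_employer' );

/**
 * Weak pattern (what the advisory describes): the role is taken from the
 * request and handed to wp_insert_user() unchanged, e.g.
 *     'role' => $request['role']
 * The hardened version below validates the role on the server instead.
 */
function example_resolve_registration_role( array $request ) {
    $requested = isset( $request['role'] ) ? sanitize_key( wp_unslash( $request['role'] ) ) : '';

    // 1. Allowlist: only roles meant for self-service sign-up are accepted.
    if ( ! in_array( $requested, EXAMPLE_SELF_SERVICE_ROLES, true ) ) {
        return new WP_Error( 'example_bad_role', 'Role not available for registration.' );
    }

    // 2. Defense in depth: refuse any role that is unknown or carries
    //    administrative capabilities, even if it was allowlisted by mistake.
    $role = get_role( $requested );
    if ( null === $role || $role->has_cap( 'manage_options' ) || $role->has_cap( 'promote_users' ) ) {
        return new WP_Error( 'example_bad_role', 'Role not available for registration.' );
    }

    return $requested;
}

function example_register_user( array $request ) {
    $role = example_resolve_registration_role( $request );
    if ( is_wp_error( $role ) ) {
        return $role; // Reject; never fall through to a caller-chosen role.
    }

    // wp_insert_user() hashes user_pass and returns the new user ID or a WP_Error.
    return wp_insert_user( array(
        'user_login' => sanitize_user( wp_unslash( $request['username'] ?? '' ), true ),
        'user_email' => sanitize_email( wp_unslash( $request['email'] ?? '' ) ),
        'user_pass'  => isset( $request['password'] ) ? wp_unslash( $request['password'] ) : wp_generate_password(),
        'role'       => $role, // Server-validated value only.
    ) );
}
```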
Fix
LPE
Improper Privilege Management
Affected Products
Wp Freeio