Wordfence Alerts to WP Freeio Flaw Under Active Attack
The Wordfence Threat Intelligence team has issued an urgent advisory about active exploitation of a critical vulnerability in the WP Freeio plugin for WordPress. Tracked as CVE-2025-11533, the flaw carries a CVSS score of 9.8 and enables privilege escalation, allowing attackers to take over vulnerable sites. Wordfence alerts to WP Freeio users emphasize the severity of the threat and recommend immediate action.
The vulnerability impacts premium WordPress themes that rely on WP Freeio, a plugin widely used for freelance marketplace functionality. Threat actors are actively exploiting the flaw in the wild, prompting concerns from security analysts. Wordfence alerts to WP administrators underline the importance of applying patches or disabling the plugin until a fix is implemented.
In addition to CVE-2025-11533, other vulnerabilities recently reported include CVE-2025-11371, CVE-2025-54253, CVE-2025-27915, CVE-2024-7781, and CVE-2024-7782.
Read the full report at