Rewterz

New ChaosBot Leverages AD Credentials via Cisco VPN for Network Control – Active IOCs

October 15, 2025
Rewterz

Windows Agere Modem Driver Zero-Day Escalates Privileges

October 15, 2025

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-11533 CVSS:9.8

The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register() function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

CVE-2025-6439 CVSS:9.8

The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdp_save_canvas_design_ajax' function in all versions up to, and including, 1.9.26. This makes it possible for unauthenticated attackers to delete all files in an arbitrary directory on the server, which can lead to remote code execution, data loss, or site unavailability.

Impact

  • Privilege Escalation
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-11533

  • CVE-2025-6439

Affected Vendors

  • WordPress

Affected Products

  • ApusTheme WP Freeio *
  • JMA Plugins WooCommerce Designer Pro *

Remediation

Update the WordPress plugin to the latest available version.

CVE-2025-11533

CVE-2025-6439

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.