Oct 11, 2025 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • WordPress plugin RCE/exploit activity: 3 CVEs flagged today.
  • 3 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Critical exposure

CVE-2025-11533 The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, a...

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2025-6553 The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to m...

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Critical exposure

CVE-2025-6439 The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design...

  • CVSS 9.8
  • Internet-facing CMS deployments affected

New critical disclosure (CVSS 9.8) — high severity with a short public awareness window before exploit material typically surfaces.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

Nothing flagged in this category for this digest.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2025-11533 CVSS 9.8

The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21.

CVE-2025-6439 CVSS 9.8

The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable...

CVE-2025-6553 CVSS 9.8

The Ovatheme Events Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the proce...

View critical disclosures

cvelogic Threat Intelligence