4 matches found
CVE-2025-10938
The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uipprocessblockquery' AJAX function. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2025-10938 UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure
The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uipprocessblockquery' AJAX function. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2025-3053
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uipprocessforminput function. This is due to the function taking user supplied inputs to execute arbitrary...
WordPress UiPress lite plugin <= 3.5.07 - Authenticated (Subscriber+) Remote Code Execution vulnerability
Authenticated Subscriber+ Remote Code Execution vulnerability discovered by WordFence in WordPress Plugin UiPress lite versions = 3.5.07...