WordPress UiPress lite plugin <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

Missing Authorization to Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by abrahack in WordPress Plugin UiPress lite versions = 3.5.08...

CVE-2025-11815

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the uipsavesiteoption function in all versions up to, and including, 3.5.08. This makes it possible for authenticate...

CVE-2025-11003

Summary (CVE-2025-11003): UiPress lite (WordPress plugin) versions up to and including 3.5.08 are affected by a stored XSS vulnerability caused by missing authorization checks in the uip_save_ui_template function. Exploitation requires authenticated access at Subscriber level or higher, enabling ...

CVE-2025-11003 UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uipsaveuitemplate' function in all versions up to, and including, 3.5.08. This makes it possible for...

EUVD-2025-198422

The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uipprocessblockquery' AJAX function. This makes it possible for authenticated attackers, with subscriber-level acces...

CVE-2025-11815

CVE-2025-11815 documents a vulnerability in the UiPress lite plugin for WordPress (versions

CVE-2025-11815 UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the uipsavesiteoption function in all versions up to, and including, 3.5.08. This makes it possible for authenticate...

PT-2025-47673

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip save ui template' function in all versions up to, and including, 3.5.08. This makes it possible for...

WordPress plugin UiPress lite | Effortless custom dashboards, admin themes and pages 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin UiPre...

WordPress plugin UiPress lite 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

PT-2025-47672

The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip process block query' AJAX function. This makes it possible for authenticated attackers, with subscriber-level...