Uipress Lite
by WordPress
Source repositories
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-3053 | Hig | 0.50 | 8.8 | 0.01 | May 15, 2025 | The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uip_process_form_input() function. This is due to the function taking user supplied inputs to… | ||
| CVE-2025-1309 | Hig | 0.50 | 8.8 | 0.00 | Mar 7, 2025 | The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up… | ||
| CVE-2025-11003 | Med | 0.42 | 6.4 | 0.00 | Nov 21, 2025 | The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_ui_template' function in all versions up to, and including, 3.5.08. This makes it… | ||
| CVE-2025-10938 | Med | 0.42 | 6.5 | 0.00 | Nov 21, 2025 | The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip_process_block_query' AJAX function. This makes it possible for authenticated attackers, with… | ||
| CVE-2026-27091 | Med | 0.41 | 6.3 | 0.00 | Mar 19, 2026 | Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09. | ||
| CVE-2026-2294 | Med | 0.28 | 4.3 | 0.00 | Mar 21, 2026 | The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_global_settings' function in all versions up to, and including, 3.5.09. This makes… | ||
| CVE-2025-11815 | Med | 0.21 | 4.3 | 0.00 | Nov 21, 2025 | The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the uip_save_site_option() function in all versions up to, and including, 3.5.08. This makes it… |
- risk 0.50cvss 8.8epss 0.01
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uip_process_form_input() function. This is due to the function taking user supplied inputs to…
- risk 0.50cvss 8.8epss 0.00
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up…
- risk 0.42cvss 6.4epss 0.00
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_ui_template' function in all versions up to, and including, 3.5.08. This makes it…
- risk 0.42cvss 6.5epss 0.00
The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip_process_block_query' AJAX function. This makes it possible for authenticated attackers, with…
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09.
- risk 0.28cvss 4.3epss 0.00
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_global_settings' function in all versions up to, and including, 3.5.09. This makes…
- risk 0.21cvss 4.3epss 0.00
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the uip_save_site_option() function in all versions up to, and including, 3.5.08. This makes it…