Description
The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip_process_block_query' AJAX function. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive user data including password hashes, emails, and other user information that could be used for account takeover attacks.
Published: 2025-11-21
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Information Exposure
Action: Apply Patch
AI Analysis

Impact

The UiPress lite plugin for WordPress lets authenticated users with subscriber-level privileges invoke the 'uip_process_block_query' AJAX endpoint without any capability check. This missing authorization allows a low-privileged user to retrieve sensitive user data such as password hashes, e-mail addresses, and other profile information; the hashes can be attacked offline and the data used for account takeover attempts. The weakness is Missing Authorization (CWE-862).

Affected Systems

All releases of the UiPress lite plugin up to and including version 3.5.08 are vulnerable; any WordPress site running one of those versions is exposed. The product is the UiPress lite plugin by admintwentytwenty, used to build custom dashboards and admin themes.

Risk and Exploitability

The CVSS 3.1 base score of 6.5 (Medium) reflects a network-reachable, low-complexity attack with high confidentiality impact and no integrity or availability impact (vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). An attacker needs only an authenticated account at subscriber level or above and no user interaction, so any site that allows open registration or holds many low-privilege accounts is easy to exploit. The EPSS score below 1% indicates a low current likelihood of exploitation, and the vulnerability is not listed in CISA KEV. Nonetheless, WordPress plugins are frequent targets, and leaked password hashes can be cracked offline, so the exposure remains a significant risk.

Generated by OpenCVE AI on April 21, 2026 at 01:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade UiPress lite to a release that restores the capability check on the AJAX endpoint (the generated analysis names 3.5.09 or later; the Remediation entry above lists no confirmed vendor fix, so verify the fixed version against the vendor changelog before relying on it).
  • If an update is unavailable or delayed, block the 'uip_process_block_query' action for subscriber-level callers by adding a capability check that runs before the plugin's handler (for example in a must-use plugin), or use a security plugin to restrict that AJAX action to administrators.
  • Until the vulnerability is patched, disable the plugin features that rely on this endpoint, or deactivate the plugin if the site can tolerate it; subscriber accounts already hold minimal capabilities, so tightening them further does not address the missing check.
  • After remediation, force password changes for all accounts, administrators first, since the exposed hashes may belong to any user and not only the attacker's own, and enforce a strong password policy to mitigate account takeover risk.
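The second action above (gating the AJAX action before the plugin's own handler runs) can be implemented as a WordPress must-use plugin. The following is an added example written for this page; it is not UiPress code and not a vendor-supplied fix. It relies on two WordPress facts: admin-ajax.php fires the `wp_ajax_{action}` hook for logged-in callers, and callbacks run in priority order, so a callback at priority 1 executes before a handler registered at the default priority 10. The `manage_options` capability, the function name `cve_2025_10938_gate_block_query`, and the choice to log denied attempts with `error_log()` are assumptions made for the example.

```php
<?php
/**
 * Plugin Name: Temporary gate for uip_process_block_query (CVE-2025-10938)
 * Description: Added example, not UiPress code. Denies the AJAX action to
 *              anyone who cannot manage_options, before the plugin's own
 *              handler runs. Place in wp-content/mu-plugins/ until the plugin
 *              is upgraded to a fixed release, then remove.
 */

// Only meaningful when loaded by WordPress; refuse direct requests.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

/**
 * Capability gate for the vulnerable AJAX action.
 *
 * wp_send_json_error() sends the JSON body with the given HTTP status and
 * terminates the request, so later callbacks on the same hook (the plugin's
 * handler) never execute. 'manage_options' is an assumption: it is the
 * standard administrator-only capability. If non-admin dashboard users
 * legitimately need this block, substitute the capability the site grants them.
 */
function cve_2025_10938_gate_block_query() {
    if ( current_user_can( 'manage_options' ) ) {
        return; // Administrator: let the plugin's handler run as before.
    }

    // Record the denied call so attempts can be triaged from the PHP error log.
    $remote = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf(
        'CVE-2025-10938 gate: denied uip_process_block_query for user_id=%d from %s',
        get_current_user_id(),
        $remote
    ) );

    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}

// Priority 1 runs before the plugin's handler, which plugins normally register
// at the default priority 10.
add_action( 'wp_ajax_uip_process_block_query', 'cve_2025_10938_gate_block_query', 1 );

// The description states the endpoint is reachable only by authenticated users.
// Registering the nopriv variant as well is a belt-and-braces measure: it is
// harmless if no unauthenticated handler exists, and current_user_can() is
// always false for guests, so they are denied too.
add_action( 'wp_ajax_nopriv_uip_process_block_query', 'cve_2025_10938_gate_block_query', 1 );
```

To confirm the gate is active, log in as a subscriber and send a request to admin-ajax.php with `action=uip_process_block_query`: the response should be HTTP 403 with a JSON error body, and the PHP error log should contain the denial line, while an administrator session still reaches the plugin's handler. Remove the file once the plugin is upgraded, since the gate also blocks any legitimate non-admin use of the block query that a fixed release may permit.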



Advisories

No advisories yet.

History

Mon, 24 Nov 2025 09:15:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Uipress; Uipress uipress Lite; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Uipress; Uipress uipress Lite; Wordpress; Wordpress wordpress

Fri, 21 Nov 2025 15:15:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 21 Nov 2025 07:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip_process_block_query' AJAX function. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive user data including password hashes, emails, and other user information that could be used for account takeover attacks.

Type: Title
Values Removed: (none)
Values Added: UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References
Values Removed: (none)
Values Added: (none shown)

Type: Metrics (cvssV3_1)
Values Removed: (none)
Values Added: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Uipress Uipress Lite
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:26:55.792Z

Reserved: 2025-09-25T00:03:45.616Z

Link: CVE-2025-10938

Vulnrichment

Updated: 2025-11-21T14:53:50.472Z

NVD

Status : Deferred

Published: 2025-11-21T08:15:48.083

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-10938

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T01:30:24Z

Weaknesses