Description
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Published: 2025-03-07
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The UiPress lite plugin for WordPress allows any authenticated user with Subscriber-level access and above to modify site options without a capability check. By exploiting this missing authorization in the uip_save_form_as_option() function, an attacker can change key configuration options, including the default role for new registrations and enabling account registration. This can elevate the attacker to an administrator and grant full site control. The flaw aligns with CWE‑862, Unauthorized Access to a Restricted Resource.

Affected Systems

WordPress sites running the UiPress lite plugin version 3.5.04 or earlier. The vendor is admintwentytwenty, and the affected product is UiPress lite | Effortless custom dashboards, admin themes and pages. No newer versions are mentioned in the input, so all releases <=3.5.04 should be considered vulnerable.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity vulnerability, and the EPSS score of less than 1% suggests that there is a low but non‑zero likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog yet. Attackers would need to be logged in with Subscriber or higher role; the lack of a direct privilege escalation path means the risk is confined to authenticated users, but because the user can change options that grant administrative rights, the impact is significant. The exploit requires no special network exposure beyond normal authenticated WordPress access.

Generated by OpenCVE AI on April 21, 2026 at 22:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest version of UiPress lite that removes the missing capability check (or uninstall the plugin if no fix is available).
  • Change the default role for new registrations to Subscriber (or remove auto‑registration functionality) so that option updates cannot create administrator accounts.
  • Restrict Subscribers from updating options by tightening role capabilities, for example using a role‑management plugin to remove option‑update permissions from lower‑privileged roles.

Generated by OpenCVE AI on April 21, 2026 at 22:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-7387 The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
History

Fri, 07 Mar 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 07 Mar 2025 07:30:00 +0000

Type Values Removed Values Added
Description The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Title UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.04 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:58:12.026Z

Reserved: 2025-02-14T19:46:46.752Z

Link: CVE-2025-1309

cve-icon Vulnrichment

Updated: 2025-03-07T15:36:01.442Z

cve-icon NVD

Status : Deferred

Published: 2025-03-07T08:15:42.017

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-1309

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T22:15:45Z

Weaknesses