WordPress · Uipress Lite · CVE-2026-2294
**Name of the Vulnerable Software and Affected Versions**
UiPress lite versions up to and including 3.5.09
**Description**
The UiPress lite plugin for WordPress allows authenticated attackers with Subscriber-level access or higher to modify arbitrary plugin settings. This is due to a missing capability check on the `uip save global settings()` function.
**Recommendations**
Update UiPress lite to a version later than 3.5.09.