CVE-2026-2294

Name of the Vulnerable Software and Affected Versions UiPress lite versions up to and including 3.5.09

Description The UiPress lite plugin for WordPress allows authenticated attackers with Subscriber-level access or higher to modify arbitrary plugin settings. This is due to a missing capability check on the uip save global settings() function.

Recommendations Update UiPress lite to a version later than 3.5.09.