PT-2025-21261 · Unknown · Uipress Lite
Cynau1T
Published 2025-05-15 · Updated 2025-05-17
CVE-2025-3053
CVSS v3.1: 8.8 (High)

| Metric | Value |
|---|---|
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress versions up to, and including, 3.5.07
Description:
The UiPress lite plugin for WordPress is vulnerable to Remote Code Execution. The uip_process_form_input() function takes user-supplied input to execute arbitrary functions with arbitrary data and performs no capability check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary code on the server.
Recommendations:
For versions up to, and including, 3.5.07, update to a version higher than 3.5.07 to resolve the issue.
As a temporary workaround, consider disabling the uip_process_form_input() function until a patch is available.
Restrict access to the plugin to minimize the risk of exploitation.
Fix
RCE
Code Injection
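The bug class described above, as an added illustration that is not UiPress code: a hypothetical WordPress AJAX handler that lets the request name the callable, beside a hardened version that adds a capability check and an allowlist. All `uip_demo_*` names, the nonce action and the form actions are assumptions.

```php
<?php
// Hypothetical handler (not the plugin's code) showing the missing
// capability check: any logged-in user reaches it and picks the callable.
function uip_demo_process_form_input_unsafe() {
    $function = sanitize_text_field( wp_unslash( $_POST['function'] ?? '' ) );
    $data     = wp_unslash( $_POST['data'] ?? '' );
    // Request-controlled function name: this is the code-injection sink.
    $result = call_user_func( $function, $data );
    wp_send_json_success( $result );
}

// Hardened version: nonce, explicit capability check, and an allowlist
// that maps a short action key to a fixed set of handlers, so the request
// can never name an arbitrary PHP function.
function uip_demo_process_form_input_safe() {
    check_ajax_referer( 'uip_demo_form', 'nonce' ); // CSRF only; not authorization

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $allowed = array( // assumed form actions for the demo
        'subscribe' => 'uip_demo_subscribe',
        'contact'   => 'uip_demo_contact',
    );
    $action = sanitize_key( $_POST['action_name'] ?? '' );
    if ( ! isset( $allowed[ $action ] ) ) {
        wp_send_json_error( 'unknown form action', 400 );
    }

    $data = sanitize_text_field( wp_unslash( $_POST['data'] ?? '' ) );
    wp_send_json_success( call_user_func( $allowed[ $action ], $data ) );
}

function uip_demo_subscribe( $email ) {
    return is_email( $email ) ? 'subscribed' : 'invalid email';
}

function uip_demo_contact( $message ) {
    return 'received ' . strlen( $message ) . ' bytes';
}

// Only the hardened handler is registered; wp_ajax_* hooks fire for any
// authenticated user, which is why the capability check inside matters.
add_action( 'wp_ajax_uip_demo_form', 'uip_demo_process_form_input_safe' );
```

When reviewing a plugin for this pattern, look for `call_user_func`, `call_user_func_array` or `$var(...)` reachable from a `wp_ajax_` or REST callback whose argument is derived from `$_POST`, `$_GET` or the request body without an allowlist.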
Affected Products
Uipress Lite