PT-2025-47672 · WordPress · Uipress Lite
Abrahack · Published 2025-11-21 · Updated 2025-11-21
CVE-2025-10938
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
UiPress lite plugin for WordPress versions prior to 3.5.09
Description
The UiPress lite plugin for WordPress is susceptible to exposure of sensitive information. This is a result of absent capability checks within the uip process block query function, which is accessible via AJAX. Attackers with subscriber-level access or higher can potentially retrieve sensitive user data, including password hashes and email addresses, which could lead to account takeover.
Recommendations
Update the UiPress lite plugin to version 3.5.09 or later.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Uipress Lite