CVE-2025-11815

Name of the Vulnerable Software and Affected Versions UiPress lite versions prior to 3.5.09

Description The UiPress lite plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check within the uip save site option() function, allowing authenticated attackers with Subscriber-level access or higher to alter arbitrary plugin settings. Other AJAX actions are also affected.

Recommendations Update UiPress lite to version 3.5.09 or later.