Unauthorized Data Modification in UiPress Lite Plugin for WordPress
CVE-2025-1309
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 7 March 2025
What is CVE-2025-1309?
The UiPress Lite plugin for WordPress is susceptible to unauthorized data modification due to a lack of proper capability checks in the uip_save_form_as_option() function. This vulnerability affects all versions up to and including 3.5.04, enabling authenticated attackers with Subscriber-level access and higher to alter arbitrary site options. Exploiting this flaw could allow attackers to change default registration roles to administrator and enable user registrations, ultimately granting them administrative access to vulnerable WordPress installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
UiPress lite | Effortless custom dashboards, admin themes and pages * <= 3.5.04
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved