CVE-2025-11003

UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_ui_template' function in all versions up to, and including, 3.5.08. This makes it possible for authenticated attackers, with Subscriber-level access and above, to save templates that contain custom JavaScript.

We have discovered 5 live websites that are affected by CVE-2025-11003.

Run a Free Instant Scan



Affected Software

Product  Uipress Lite
Category Wordpress Plugins
Vulnerable Domains5 live websites (63% of Uipress Lite install base)
Vulnerable Versions
  • from 0 through 3.5.8
Vulnerable Versions Count1 versions ( 50% of all versions)


Common Weakness Enumeration

CWE-862 Missing Authorization



Details

  • Published - Nov 21, 2025
  • Updated - Apr 8, 2026

Credits

  • abrahack (finder)

Website Distribution by Country

Number of websites using CVE-2025-11003
United States1 websites


Brazil1 websites
Finland1 websites
GB1 websites
Thailand1 websites

Website Distribution by TLD

Number of websites using CVE-2025-11003
.com3 websites
.com.br1 websites
.fi1 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2025-11003

Top websites that are affected by CVE-2025-11003. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*************.***.br Brazil**,***,***
**********.com Thailand**,***,***
*****.fi Finland**,***,***
**.********.com GB**,***,***
*****.com United States***,***,***
See full domain list

FAQ

CVE-2025-11003 is Missing Authorization in Uipress Lite
A total of 5 websites have been identified as vulnerable to CVE-2025-11003, based on global website indexing conducted by WebTechSurvey.
The Uipress Lite is affected by the CVE-2025-11003 vulnerability.
Uipress Lite versions up to and including 3.5.8 are vulnerable to CVE-2025-11003.