CVE-2025-11815
UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings UpdateThe UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the uip_save_site_option() function in all versions up to, and including, 3.5.08. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary plugin settings. Other AJAX actions are also affected.
We have discovered 5 live websites that are affected by CVE-2025-11815.
Affected Software
| Product |  Uipress Lite |
| Category | Wordpress Plugins |
| Vulnerable Domains | 5 live websites (63% of Uipress Lite install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 1 versions ( 50% of all versions) |
Common Weakness Enumeration
CWE-285 Improper AuthorizationDetails
- Published - Nov 21, 2025
- Updated - Apr 8, 2026
Credits
- Rafshanzani Suhada (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-11815 United States | 1 websites |
 Brazil | 1 websites |
 Finland | 1 websites |
 GB | 1 websites |
 Thailand | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-11815| .com | 3 websites |
| .com.br | 1 websites |
| .fi | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-11815
Top websites that are affected by CVE-2025-11815. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************.***.br | Brazil | **,***,*** | |
| **********.com | Thailand | **,***,*** | |
| *****.fi | Finland | **,***,*** | |
| **.********.com | GB | **,***,*** | |
| *****.com | United States | ***,***,*** |
FAQ
CVE-2025-11815 is Improper Authorization in Uipress Lite
A total of 5 websites have been identified as vulnerable to CVE-2025-11815, based on global website indexing conducted by WebTechSurvey.
The Uipress Lite is affected by the CVE-2025-11815 vulnerability.
Uipress Lite versions up to and including 3.5.8 are vulnerable to CVE-2025-11815.