CVE-2025-1309
UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.04 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options UpdateThe UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
We have discovered 2 live websites that are affected by CVE-2025-1309.
Affected Software
| Product |  Uipress Lite |
| Category | Wordpress Plugins |
| Vulnerable Domains | 2 live websites (25% of Uipress Lite install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Mar 7, 2025
- Updated - Apr 8, 2026
Credits
- vgo0 (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-1309 GB | 1 websites |
 Thailand | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-1309| .com | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-1309
Top websites that are affected by CVE-2025-1309. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.com | Thailand | **,***,*** | |
| **.********.com | GB | **,***,*** |
FAQ
CVE-2025-1309 is Missing Authorization in Uipress Lite
A total of 2 websites have been identified as vulnerable to CVE-2025-1309, based on global website indexing conducted by WebTechSurvey.
The Uipress Lite is affected by the CVE-2025-1309 vulnerability.
Uipress Lite versions up to and including 3.5.4 are vulnerable to CVE-2025-1309.