CVE-2025-3053
UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.07 - Authenticated (Subscriber+) Remote Code ExecutionThe UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uip_process_form_input() function. This is due to the function taking user supplied inputs to execute arbitrary functions with arbitrary data, and does not have any sort of capability check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary code on the server.
We have discovered 3 live websites that are affected by CVE-2025-3053.
Affected Software
| Product |  Uipress Lite |
| Category | Wordpress Plugins |
| Vulnerable Domains | 3 live websites (38% of Uipress Lite install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-94 Improper Control of Generation of Code ('Code Injection')Details
- Published - May 15, 2025
- Updated - Apr 8, 2026
Credits
- cynau1t (finder)
- TIANGONG Team (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-3053 Finland | 1 websites |
 GB | 1 websites |
 Thailand | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-3053| .com | 2 websites |
| .fi | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-3053
Top websites that are affected by CVE-2025-3053. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.com | Thailand | **,***,*** | |
| *****.fi | Finland | **,***,*** | |
| **.********.com | GB | **,***,*** |
FAQ
CVE-2025-3053 is Improper Control of Generation of Code ('Code Injection') in Uipress Lite
A total of 3 websites have been identified as vulnerable to CVE-2025-3053, based on global website indexing conducted by WebTechSurvey.
The Uipress Lite is affected by the CVE-2025-3053 vulnerability.
Uipress Lite versions up to and including 3.5.7 are vulnerable to CVE-2025-3053.