CVE-2026-27091
WordPress UiPress lite plugin <= 3.5.09 - Broken Access Control vulnerabilityMissing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09.
We have discovered 11 live websites that are affected by CVE-2026-27091.
Affected Software
| Product |  Uipress Lite |
| Category | Wordpress Plugins |
| Vulnerable Domains | 11 live websites (100% of Uipress Lite install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 2 versions ( 100% of all versions) |
Details
- Published - Mar 19, 2026
- Updated - Apr 1, 2026
Credits
- w41bu1 | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-27091 United States | 4 websites |
 Brazil | 1 websites |
 Spain | 1 websites |
 Finland | 1 websites |
 GB | 1 websites |
 Ireland | 1 websites |
 Netherlands | 1 websites |
 Thailand | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2026-27091| .com | 6 websites |
| .com.br | 1 websites |
| .fi | 1 websites |
| .net | 1 websites |
| .org | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-27091
Top websites that are affected by CVE-2026-27091. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.net | Netherlands | **,***,*** | |
| **********.com | Spain | **,***,*** | |
| *****************.com | United States | **,***,*** | |
| *************.***.br | Brazil | **,***,*** | |
| **********.com | Thailand | **,***,*** | |
| ***********.ie | Ireland | **,***,*** | |
| *****.fi | Finland | **,***,*** | |
| **.********.com | GB | **,***,*** | |
| *************.com | United States | **,***,*** | |
| ***********.org | United States | **,***,*** |
FAQ
A total of 11 websites have been identified as vulnerable to CVE-2026-27091, based on global website indexing conducted by WebTechSurvey.
The Uipress Lite is affected by the CVE-2026-27091 vulnerability.
Uipress Lite versions up to and including 3.5.9 are vulnerable to CVE-2026-27091.