cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches foruipress-lite uipress-lite

Direction: descending
May 15, 2025

UiPress lite | Effortless custom dashboards, admin themes and pages # CVE-2025-3053

CVE, Research URL

CVE-2025-3053

Home page URL

Security reports for UiPress lite | Effortless custom dashboards, admin themes and pages

Application

UiPress lite | Effortless custom dashboards, admin themes and pages

Date
May 15, 2025
Research Description
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07 via the uip_process_form_input() function. This is due to the function taking user supplied inputs to execute arbitrary functions with arbitrary data, and does not have any sort of capability check. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary code on the server.
Affected versions
Min -, max -.
Status
vulnerable
Mar 09, 2025

UiPress lite | Effortless custom dashboards, admin themes and pages # CVE-2025-1309

CVE, Research URL

CVE-2025-1309

Home page URL

Security reports for UiPress lite | Effortless custom dashboards, admin themes and pages

Application

UiPress lite | Effortless custom dashboards, admin themes and pages

Date
Mar 07, 2025
Research Description
The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the uip_save_form_as_option() function in all versions up to, and including, 3.5.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Affected versions
Min -, max -.
Status
vulnerable
Jul 22, 2024

UiPress lite | Effortless custom dashboards, admin themes and pages # CVE-2024-38788

CVE, Research URL

CVE-2024-38788

Home page URL

Security reports for UiPress lite | Effortless custom dashboards, admin themes and pages

Application

UiPress lite | Effortless custom dashboards, admin themes and pages

Date
Jul 22, 2024
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bởi Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06.
Affected versions
Min -, max -.
Status
vulnerable