CVE-2025-10938
📋 TL;DR
The UiPress Lite WordPress plugin has a vulnerability that allows authenticated attackers with subscriber-level access or higher to extract sensitive user data including password hashes and emails. This affects all versions up to 3.5.08. The exposed information could enable account takeover attacks.
💻 Affected Systems
- UiPress Lite WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain access to password hashes enabling offline cracking, compromise administrator accounts, and take over the entire WordPress site.
Likely Case
Attackers extract user emails and password hashes, potentially compromising multiple user accounts through password cracking or credential stuffing attacks.
If Mitigated
With proper access controls and monitoring, attackers may still extract data but would be detected before causing significant damage.
🎯 Exploit Status
Exploitation requires authenticated access but only at subscriber level, which is the lowest WordPress user role. The vulnerability is in a public AJAX endpoint with missing capability checks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.5.09 or later
Vendor Advisory: https://wordpress.org/plugins/uipress-lite/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find UiPress Lite and click 'Update Now'. 4. Verify the plugin version is 3.5.09 or higher.
🔧 Temporary Workarounds
Disable UiPress Lite Plugin
allTemporarily disable the vulnerable plugin until patched
wp plugin deactivate uipress-lite
Restrict AJAX Endpoint Access
allAdd capability checks to block unauthorized access to the vulnerable endpoint
Add 'current_user_can' check in uip_process_block_query function
🧯 If You Can't Patch
- Remove subscriber-level access from all untrusted users
- Implement web application firewall rules to block requests to the vulnerable AJAX endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for UiPress Lite version 3.5.08 or lowerCheck Version:
wp plugin get uipress-lite --field=versionVerify Fix Applied:
Verify UiPress Lite plugin version is 3.5.09 or higher in WordPress admin📡 Detection & Monitoring
Log Indicators:
- Unusual AJAX requests to /wp-admin/admin-ajax.php with action=uip_process_block_query from subscriber-level users
- Multiple failed login attempts following data extraction
Network Indicators:
- HTTP POST requests to admin-ajax.php with uip_process_block_query parameter from non-admin IPs
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND "uip_process_block_query" AND user_role="subscriber"