CVE-2025-11003
📋 TL;DR
The UiPress Lite WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to save templates containing custom JavaScript. This enables attackers to inject malicious scripts into WordPress admin interfaces. All WordPress sites using UiPress Lite version 3.5.08 or earlier are affected.
💻 Affected Systems
- UiPress Lite WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject persistent JavaScript payloads that steal admin credentials, redirect users to malicious sites, or perform administrative actions when logged-in users view affected pages.
Likely Case
Attackers with subscriber accounts inject JavaScript that creates backdoors, steals session cookies, or modifies site content when administrators view templates.
If Mitigated
With proper user role management and plugin updates, impact is limited to authorized template modifications only.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker obtains subscriber credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.5.09 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find UiPress Lite and click 'Update Now'. 4. Verify plugin version is 3.5.09 or higher.
🔧 Temporary Workarounds
Disable UiPress Lite plugin
allTemporarily deactivate the vulnerable plugin until patched
wp plugin deactivate uipress-lite
Restrict user registration
allPrevent new user registrations to limit attack surface
wp option update users_can_register 0
🧯 If You Can't Patch
- Remove Subscriber role from all non-essential users and implement least privilege access
- Install web application firewall (WAF) rules to block JavaScript injection attempts in POST requests to uip_save_ui_template endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for UiPress Lite version 3.5.08 or lowerCheck Version:
wp plugin get uipress-lite --field=versionVerify Fix Applied:
Verify UiPress Lite version is 3.5.09 or higher in WordPress admin plugins page📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=uip_save_ui_template from non-admin users
- Unusual template modifications in WordPress activity logs
Network Indicators:
- HTTP POST requests containing JavaScript payloads to admin-ajax.php endpoint
SIEM Query:
source="wordpress.log" AND "uip_save_ui_template" AND user_role!="administrator"🔗 References
- https://plugins.trac.wordpress.org/browser/uipress-lite/tags/3.5.08/admin/classes/PostTypes/UiTemplates.php#L416
- https://plugins.trac.wordpress.org/browser/uipress-lite/tags/3.5.08/admin/core/uiBuilder.php#L613
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b2a01ccc-c98e-4fcc-8eaf-721ec46584fc?source=cve
