{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10938", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-25T00:03:45.616Z", "datePublished": "2025-11-21T07:31:55.890Z", "dateUpdated": "2026-04-08T17:26:55.792Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:26:55.792Z"}, "affected": [{"vendor": "admintwentytwenty", "product": "UiPress lite | Effortless custom dashboards, admin themes and pages", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.5.08", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip_process_block_query' AJAX function. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive user data including password hashes, emails, and other user information that could be used for account takeover attacks."}], "title": "UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8aa06eb-774a-4cd9-bd35-2d6409475696?source=cve"}, {"url": "https://wordpress.org/plugins/uipress-lite/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "abrahack"}], "timeline": [{"time": "2025-11-20T19:18:39.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-21T14:48:01.742437Z", "id": "CVE-2025-10938", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T14:56:39.398Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10938", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-21T14:48:01.742437Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T14:53:50.472Z"}}], "cna": {"title": "UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure", "credits": [{"lang": "en", "type": "finder", "value": "abrahack"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "admintwentytwenty", "product": "UiPress lite | Effortless custom dashboards, admin themes and pages", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.5.08"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-20T19:18:39.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8aa06eb-774a-4cd9-bd35-2d6409475696?source=cve"}, {"url": "https://wordpress.org/plugins/uipress-lite/"}], "descriptions": [{"lang": "en", "value": "The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip_process_block_query' AJAX function. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive user data including password hashes, emails, and other user information that could be used for account takeover attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:26:55.792Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10938", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:26:55.792Z", "dateReserved": "2025-09-25T00:03:45.616Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-21T07:31:55.890Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The UiPress lite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.08. This is due to missing capability checks in the 'uip_process_block_query' AJAX function. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive user data including password hashes, emails, and other user information that could be used for account takeover attacks."}], "id": "CVE-2025-10938", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-21T08:15:48.083", "references": [{"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/uipress-lite/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d8aa06eb-774a-4cd9-bd35-2d6409475696?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T01:26:58.775151+00:00", "value": {"mitigation_remediation": ["Upgrade UiPress lite to version 3.5.09 or later, which restores proper capability checks for the AJAX endpoint.", "If an update is unavailable or delayed, block the 'uip_process_block_query' action for subscriber roles by modifying the plugin code or using a security plugin to enforce role restrictions on that endpoint.", "Restrict subscriber accounts from accessing sensitive data by reducing their capabilities or disabling relevant plugin features until the vulnerability is patched.", "After remediation, consider forcing password changes for all subscriber accounts and enforce a strong password policy to mitigate potential account takeover risks."], "summary": {"action": "Apply Patch", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "All releases of the UiPress lite plugin up to and including version 3.5.08 are vulnerable. Any WordPress site that has installed these or earlier versions of the plugin is exposed. The product is the UiPress lite plugin by admintwentytwenty, used for custom dashboards and admin themes.", "description_and_impact": "The UiPress lite plugin for WordPress permits authenticated users with subscriber-level privileges to invoke the \u2018uip_process_block_query\u2019 AJAX endpoint without performing any capability checks. This missing authorization allows a malicious user to retrieve sensitive user data such as password hashes, e\u2011mail addresses, and other profile information, which could be used for account takeover attempts. The weakness is a Missing Authorization (CWE\u2011862).", "risk_and_exploitability": "The CVSS score of 6.5 indicates intermediate severity. An attacker only needs to be authenticated with a subscriber or higher role\u2014no additional access\u2014making it easy to exploit once legitimate credentials are available. The EPSS score of less than 1% suggests a low current likelihood of widespread exploitation, and the vulnerability is not listed in CISA KEV. Nonetheless, because WordPress plugins are frequent targets, the exposure remains a significant risk for sites that have many subscriber accounts."}}}}, "created": "2025-11-24T09:10:02.563019+00:00", "updated": "2026-04-21T01:30:24.399240+00:00", "vendors": ["uipress", "uipress$PRODUCT$uipress_lite", "wordpress", "wordpress$PRODUCT$wordpress"]}