{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11003", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-25T19:27:06.930Z", "datePublished": "2025-11-21T07:31:55.120Z", "dateUpdated": "2026-04-08T17:16:28.856Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:16:28.856Z"}, "affected": [{"vendor": "admintwentytwenty", "product": "UiPress lite | Effortless custom dashboards, admin themes and pages", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.5.08", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_ui_template' function in all versions up to, and including, 3.5.08. This makes it possible for authenticated attackers, with Subscriber-level access and above, to save templates that contain custom JavaScript."}], "title": "UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2a01ccc-c98e-4fcc-8eaf-721ec46584fc?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/uipress-lite/tags/3.5.08/admin/core/uiBuilder.php#L613"}, {"url": "https://plugins.trac.wordpress.org/browser/uipress-lite/tags/3.5.08/admin/classes/PostTypes/UiTemplates.php#L416"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "abrahack"}], "timeline": [{"time": "2025-11-20T19:18:03.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-21T14:48:03.063109Z", "id": "CVE-2025-11003", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T14:56:50.662Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11003", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-21T14:48:03.063109Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-21T14:53:51.198Z"}}], "cna": {"title": "UiPress lite <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "abrahack"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "admintwentytwenty", "product": "UiPress lite | Effortless custom dashboards, admin themes and pages", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.5.08"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-20T19:18:03.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2a01ccc-c98e-4fcc-8eaf-721ec46584fc?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/uipress-lite/tags/3.5.08/admin/core/uiBuilder.php#L613"}, {"url": "https://plugins.trac.wordpress.org/browser/uipress-lite/tags/3.5.08/admin/classes/PostTypes/UiTemplates.php#L416"}], "descriptions": [{"lang": "en", "value": "The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_ui_template' function in all versions up to, and including, 3.5.08. This makes it possible for authenticated attackers, with Subscriber-level access and above, to save templates that contain custom JavaScript."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:16:28.856Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11003", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:16:28.856Z", "dateReserved": "2025-09-25T19:27:06.930Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-21T07:31:55.120Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The UiPress lite | Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'uip_save_ui_template' function in all versions up to, and including, 3.5.08. This makes it possible for authenticated attackers, with Subscriber-level access and above, to save templates that contain custom JavaScript."}], "id": "CVE-2025-11003", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-21T08:15:48.400", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/uipress-lite/tags/3.5.08/admin/classes/PostTypes/UiTemplates.php#L416"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/uipress-lite/tags/3.5.08/admin/core/uiBuilder.php#L613"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b2a01ccc-c98e-4fcc-8eaf-721ec46584fc?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T01:27:32.315046+00:00", "value": {"mitigation_remediation": ["Upgrade UiPress lite to a version newer than 3.5.08, ensuring the uip_save_ui_template function now includes a proper capability check for administrator\u2011only access. ", "If an update is not yet available, remove the ability for users with Subscriber or lower privileges to create or modify UI templates by editing the plugin\u2019s role\u2011management settings or using a custom role\u2011management plugin to enforce stricter capability requirements. ", "Review and sanitize all existing UI templates in the site\u2019s database for the presence of unsafe JavaScript; remove or neutralize any suspicious code before rendering."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting caused by missing authorization"}, "threat_synthesis": {"affected_systems": "This flaw exists in the admintwentytwenty:UiPress lite plugin version 3.5.08 and all earlier releases. The vulnerability is confined to the WordPress plugin environment and only affects installations that have the unit enabled and allow non\u2011administrator users to edit or create UI templates. Any WordPress site that has not upgraded beyond 3.5.08 and provides template editing rights to subscribers or higher is potentially impacted.", "description_and_impact": "The UiPress lite WordPress plugin allows a template to be saved by executing the function uip_save_ui_template without verifying the user\u2019s capability. As a result, any authenticated user who has at least Subscriber access can create or modify a template that contains arbitrary JavaScript. When a site visitor or administrator opens the page that renders the template, the injected code is executed in the visitor\u2019s browser, giving the attacker the ability to deface the site, steal session cookies, track users, or otherwise compromise the integrity and confidentiality of the WordPress installation.", "risk_and_exploitability": "The CVSS score of 6.4 indicates a moderate severity, and the EPSS score of < 1% points to a low probability of exploitation at present. However, because the flaw permits stored cross\u2011site scripting, the impact could be severe if an attacker succeeds. The vulnerability is not cataloged in CISA\u2019s KEV database, and no other public exploits have been reported. Attackers must be authenticated, but the minimum required privilege level is only Subscriber, which is granted to many users on a typical WordPress site. Once the malicious template is saved, any visitor to the affected page will run the injected code, making the risk both wide and immediate for users who view the crafted content."}}}}, "created": "2025-11-24T09:10:06.654418+00:00", "updated": "2026-04-21T01:30:24.400624+00:00", "vendors": ["uipress", "uipress$PRODUCT$uipress_lite", "wordpress", "wordpress$PRODUCT$wordpress"]}