CVE-2026-27091

MEDIUM

WordPress UiPress lite plugin <= 3.5.09 - Broken Access Control vulnerability

Title source: cna

Description

Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09.

References (2)

[Vdb Entry] https://patchstack.com/database/wordpress/plugin/uipress-lite/vulnerability/wordpress-uipress-lite-plugin-3-5-09-broken-access-control-vulnerability?_s_id=cve

[Vdb Entry] https://patchstack.com/database/Wordpress/Plugin/uipress-lite/vulnerability/wordpress-uipress-lite-plugin-3-5-09-broken-access-control-vulnerability?_s_id=cve

Scores

CVSS v3 6.3

EPSS 0.0002

EPSS Percentile 6.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-862

Status published

Products (1)

UiPress/UiPress lite < 3.5.09

Published Mar 19, 2026

Tracked Since Mar 19, 2026