9 matches found
CVE-2023-40009
The CVE-2023-40009 entry concerns the WordPress WP Pipes plugin (
CVE-2024-12283
CVE-2024-12283 refers to the WP Pipes plugin for WordPress. It allows a Reflected Cross-Site Scripting (XSS) via the x1 parameter in all versions up to and including 1.4.1 due to insufficient input sanitization and output escaping. The vulnerability is exploitable by unauthenticated attackers who...
CVE-2025-48267
CVE-2025-48267 affects WordPress WP Pipes plugin up to version 1.4.2. The issue is an improper limitation of a pathname to a restricted directory, enabling path traversal that can lead to arbitrary file deletion. Affected software: ThimPress WP Pipes plugin (WP Pipes) on WordPress; root cause is ...
CVE-2025-47664
The CVE-2025-47664 entry describes a Server-Side Request Forgery (SSRF) vulnerability in the WordPress plugin WP Pipes (ThimPress) affecting versions up to 1.4.2. The issue arises within WP Pipes and allows an attacker to trigger SSRF conditions on the server. The available connected documentatio...
CVE-2022-45355
CVE-2022-45355 : Authenticated admin+ SQL Injection in the ThimPress WP Pipes plugin prior to 1.34 (affected versions ≤1.33). Root cause: improper sanitization/escaping of SQL input from the plugin, enabling injection with admin privileges. Impact per sources includes data access/modification via...
CVE-2025-28982
CVE-2025-28982 concerns WordPress plugin WP Pipes (ThimPress WP Pipes). The vulnerability is an SQL Injection caused by improper neutralization of special elements in SQL commands, affecting WP Pipes versions up to 1.4.3. The CVSS data in the primary record indicates a CRITICAL impact with high c...
CVE-2025-28977
CVE-2025-28977 : Affects WordPress WP Pipes
CVE-2025-28979
CVE-2025-28979 concerns the WordPress plugin WP Pipes (version <= 1.4.3). The flaw is an improper control of the filename for include/require statements, enabling Local File Inclusion (LFI). Multiple sources (NVD, Red Hat advisory, CVE lists, Patchstack) confirm WP Pipes
CVE-2025-60227
CVE-2025-60227 is a path traversal vulnerability in the WordPress WP Pipes plugin, caused by improper limitation of a pathname to a restricted directory. Affected product/version: WordPress WP Pipes plugin versions