Lucene search
K
ThimpressWp Pipes

9 matches found

CVE
CVE
added 2023/10/03 12:45 p.m.60 views

CVE-2023-40009

The CVE-2023-40009 entry concerns the WordPress WP Pipes plugin (

6.5CVSS6AI score0.00202EPSS
CVE
CVE
added 2024/12/11 8:57 a.m.59 views

CVE-2024-12283

CVE-2024-12283 refers to the WP Pipes plugin for WordPress. It allows a Reflected Cross-Site Scripting (XSS) via the x1 parameter in all versions up to and including 1.4.1 due to insufficient input sanitization and output escaping. The vulnerability is exploitable by unauthenticated attackers who...

6.1CVSS6.4AI score0.00356EPSS
CVE
CVE
added 2025/06/09 3:53 p.m.53 views

CVE-2025-48267

CVE-2025-48267 affects WordPress WP Pipes plugin up to version 1.4.2. The issue is an improper limitation of a pathname to a restricted directory, enabling path traversal that can lead to arbitrary file deletion. Affected software: ThimPress WP Pipes plugin (WP Pipes) on WordPress; root cause is ...

9.1CVSS5.2AI score0.00402EPSS
CVE
CVE
added 2025/05/07 2:20 p.m.51 views

CVE-2025-47664

The CVE-2025-47664 entry describes a Server-Side Request Forgery (SSRF) vulnerability in the WordPress plugin WP Pipes (ThimPress) affecting versions up to 1.4.2. The issue arises within WP Pipes and allows an attacker to trigger SSRF conditions on the server. The available connected documentatio...

6.5CVSS8.6AI score0.00183EPSS
CVE
CVE
added 2023/03/29 6:35 p.m.50 views

CVE-2022-45355

CVE-2022-45355 : Authenticated admin+ SQL Injection in the ThimPress WP Pipes plugin prior to 1.34 (affected versions ≤1.33). Root cause: improper sanitization/escaping of SQL input from the plugin, enabling injection with admin privileges. Impact per sources includes data access/modification via...

8.2CVSS7.7AI score0.00628EPSS
CVE
CVE
added 2025/07/16 11:28 a.m.29 views

CVE-2025-28982

CVE-2025-28982 concerns WordPress plugin WP Pipes (ThimPress WP Pipes). The vulnerability is an SQL Injection caused by improper neutralization of special elements in SQL commands, affecting WP Pipes versions up to 1.4.3. The CVSS data in the primary record indicates a CRITICAL impact with high c...

9.8CVSS5.6AI score0.00409EPSS
CVE
CVE
added 2025/08/20 8:3 a.m.21 views

CVE-2025-28977

CVE-2025-28977 : Affects WordPress WP Pipes

7.1CVSS5.2AI score0.00221EPSS
CVE
CVE
added 2025/08/14 10:34 a.m.21 views

CVE-2025-28979

CVE-2025-28979 concerns the WordPress plugin WP Pipes (version <= 1.4.3). The flaw is an improper control of the filename for include/require statements, enabling Local File Inclusion (LFI). Multiple sources (NVD, Red Hat advisory, CVE lists, Patchstack) confirm WP Pipes

9.8CVSS5.3AI score0.00354EPSS
CVE
CVE
added 2025/10/22 2:32 p.m.12 views

CVE-2025-60227

CVE-2025-60227 is a path traversal vulnerability in the WordPress WP Pipes plugin, caused by improper limitation of a pathname to a restricted directory. Affected product/version: WordPress WP Pipes plugin versions

8.6CVSS6.5AI score0.00464EPSS