2 matches found
CVE-2024-12283
CVE-2024-12283 refers to the WP Pipes plugin for WordPress. It allows a Reflected Cross-Site Scripting (XSS) via the x1 parameter in all versions up to and including 1.4.1 due to insufficient input sanitization and output escaping. The vulnerability is exploitable by unauthenticated attackers who...
CVE-2025-48267
CVE-2025-48267 affects WordPress WP Pipes plugin up to version 1.4.2. The issue is an improper limitation of a pathname to a restricted directory, enabling path traversal that can lead to arbitrary file deletion. Affected software: ThimPress WP Pipes plugin (WP Pipes) on WordPress; root cause is ...